last sync: 2021-Jan-27 16:54:46 UTC

Azure Policy definition

Storage accounts should have infrastructure encryption

Name Storage accounts should have infrastructure encryption
Azure Portal
Id 4733ea7b-a883-42fe-8cac-97454c2a9e4a
Version 1.0.0
details on versioning
Category Storage
Microsoft docs
Description Enable infrastructure encryption for higher level of assurance that the data is secure. When infrastructure encryption is enabled, data in a storage account is encrypted twice.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-10-07 16:00:33 add 4733ea7b-a883-42fe-8cac-97454c2a9e4a
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
Json
{
  "properties": {
    "displayName": "Storage accounts should have infrastructure encryption",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Enable infrastructure encryption for higher level of assurance that the data is secure. When infrastructure encryption is enabled, data in a storage account is encrypted twice.",
    "metadata": {
      "version": "1.0.0",
      "category": "Storage"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the audit policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "field": "Microsoft.Storage/storageAccounts/encryption.requireInfrastructureEncryption",
            "notEquals": "true"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "4733ea7b-a883-42fe-8cac-97454c2a9e4a"
}