AzPolicyAdvertizer

last sync: 2021-Sep-22 19:36:51 UTC

Azure Policy definition

Storage accounts should have infrastructure encryption

Name Storage accounts should have infrastructure encryption
Azure Portal
Id 4733ea7b-a883-42fe-8cac-97454c2a9e4a
Version 1.0.0
details on versioning
Category Storage
Microsoft docs
Description Enable infrastructure encryption for higher level of assurance that the data is secure. When infrastructure encryption is enabled, data in a storage account is encrypted twice.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-10-07 16:00:33 add 4733ea7b-a883-42fe-8cac-97454c2a9e4a
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
[Preview]: NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance Preview
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA
JSON 
{
  "displayName": "Storage accounts should have infrastructure encryption",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Enable infrastructure encryption for higher level of assurance that the data is secure. When infrastructure encryption is enabled, data in a storage account is encrypted twice.",
  "metadata": {
    "version": "1.0.0",
    "category": "Storage"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the audit policy"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Storage/storageAccounts"
        },
        {
          "field": "Microsoft.Storage/storageAccounts/encryption.requireInfrastructureEncryption",
          "notEquals": "true"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]"
    }
  }
}