last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

[Deprecated]: Require blob encryption for storage accounts

Name [Deprecated]: Require blob encryption for storage accounts
Azure Portal
Id 7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f
Version 1.0.0-deprecated
details on versioning
Category Storage
Microsoft docs
Description This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers. This policy is deprecated because storage blob encryption is now enabled by default, and can no longer be disabled.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated True
Effect Fixed: deny
Used RBAC Role none
History none
Used in Initiatives none
JSON
{
  "displayName": "[Deprecated]: Require blob encryption for storage accounts",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers. This policy is deprecated because storage blob encryption is now enabled by default, and can no longer be disabled.",
  "metadata": {
    "version": "1.0.0-deprecated",
    "category": "Storage",
    "deprecated": true
  },
  "parameters": {},
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Storage/storageAccounts"
        },
        {
          "field": "Microsoft.Storage/storageAccounts/enableBlobEncryption",
          "equals": "false"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  }
}