last sync: 2021-May-17 14:22:45 UTC

Azure Policy definition

Azure Stack Edge devices should use double-encryption

Name Azure Stack Edge devices should use double-encryption
Azure Portal
Id b4ac1030-89c5-4697-8e00-28b5ba6a8811
Version 1.0.0
details on versioning
Category Azure Stack Edge
Microsoft docs
Description To secure the data at rest on the device, ensure it's double-encrypted, the access to data is controlled, and once the device is deactivated, the data is securely erased off the data disks. Double encryption is the use of two layers of encryption: BitLocker XTS-AES 256-bit encryption on the data volumes and built-in encryption of the hard drives. Learn more in the security overview documentation for the specific Stack Edge device.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: audit
Allowed: (audit, deny, disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-01-05 16:06:49 add b4ac1030-89c5-4697-8e00-28b5ba6a8811
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Azure Stack Edge devices should use double-encryption",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "To secure the data at rest on the device, ensure it's double-encrypted, the access to data is controlled, and once the device is deactivated, the data is securely erased off the data disks. Double encryption is the use of two layers of encryption: BitLocker XTS-AES 256-bit encryption on the data volumes and built-in encryption of the hard drives. Learn more in the security overview documentation for the specific Stack Edge device.",
    "metadata": {
      "version": "1.0.0",
      "category": "Azure Stack Edge"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "The desired effect of the policy."
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DataBoxEdge/DataBoxEdgeDevices"
          },
          {
            "field": "Microsoft.DataboxEdge/DataBoxEdgeDevices/sku.name",
            "notIn": [
              "TEA_1Node",
              "TEA_1Node_UPS",
              "TEA_1Node_Heater",
              "TEA_1Node_UPS_Heater",
              "TEA_4Node_Heater",
              "TEA_4Node_UPS_Heater",
              "TMA",
              "EdgePR_Base",
              "EdgePR_Base_UPS",
              "EdgeMR_Mini"
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/b4ac1030-89c5-4697-8e00-28b5ba6a8811",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "b4ac1030-89c5-4697-8e00-28b5ba6a8811"
}