AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

[Preview]: Azure Stack HCI systems should have encrypted volumes

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

[Preview]: Azure Stack HCI systems should have encrypted volumes

ee8ca833-1583-4d24-837e-96c2af9488a4

Version

1.0.0-preview
Details on versioning

Category

Stack HCI
Microsoft Learn

Description

Use BitLocker to encrypt the OS and data volumes on Azure Stack HCI systems.

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

False

Effect

Default
AuditIfNotExists
Allowed
Audit, Disabled, AuditIfNotExists

RBAC role(s)

none

Rule aliases

IF (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.AzureStackHCI/clusters/reportedProperties.clusterVersion	Microsoft.AzureStackHCI	clusters	properties.reportedProperties.clusterVersion	True		False

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.AzureStackHCI/clusters/securitySettings/securityComplianceStatus.dataAtRestEncrypted	Microsoft.AzureStackHCI	clusters/securitySettings	properties.securityComplianceStatus.dataAtRestEncrypted	True		False

Rule resource types

IF (1)
Microsoft.AzureStackHCI/clusters

Compliance

The following 1 compliance controls are associated with this Policy definition '[Preview]: Azure Stack HCI systems should have encrypted volumes' (ee8ca833-1583-4d24-837e-96c2af9488a4)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
Azure_Security_Benchmark_v3.0	DP-5	Azure_Security_Benchmark_v3.0_DP-5	Microsoft cloud security benchmark DP-5	Data Protection	Use customer-managed key option in data at rest encryption when required	Shared	Security Principle: If required for regulatory compliance, define the use case and service scope where customer-managed key option is needed. Enable and implement data at rest encryption using customer-managed key in services. Azure Guidance: Azure also provides encryption option using keys managed by yourself (customer-managed keys) for certain services. However, using customer-managed key option requires additional operational efforts to manage the key lifecycle. This may include encryption key generation, rotation, revoke and access control, etc. Implementation and additional context: Encryption model and key management table: https://docs.microsoft.com/azure/security/fundamentals/encryption-models Services that support encryption using customer-managed key: https://docs.microsoft.com/azure/security/fundamentals/encryption-models#supporting-services How to configure customer managed encryption keys in Azure Storage: https://docs.microsoft.com/azure/storage/common/storage-encryption-keys-portal	n/a	link	10

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
Microsoft cloud security benchmark	1f3afdf9-d0c9-4c3d-847f-89da613e70a8	Security Center	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-03-01 17:50:27	add	ee8ca833-1583-4d24-837e-96c2af9488a4

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC