last sync: 2024-Jul-26 18:17:39 UTC

Queue Storage should use customer-managed key for encryption

Azure BuiltIn Policy definition

Source Azure Portal
Display name Queue Storage should use customer-managed key for encryption
Id f0e5abd0-2554-4736-b7c0-4ffef23475ef
Version 1.0.0
Category Storage
Description Secure your queue storage with greater flexibility using customer-managed keys. When you specify a customer-managed key, that key is used to protect and control access to the key that encrypts your data. Using customer-managed keys provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default: Audit
Effect Allowed: Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/encryption.keySource Microsoft.Storage storageAccounts properties.encryption.keySource True False
Microsoft.Storage/storageAccounts/encryption.services.queue.keyType Microsoft.Storage storageAccounts properties.encryption.services.queue.keyType True False
Rule resource types IF (1)
Microsoft.Storage/storageAccounts
Compliance
The following 2 compliance controls are associated with this Policy definition 'Queue Storage should use customer-managed key for encryption' (f0e5abd0-2554-4736-b7c0-4ffef23475ef)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found n/a n/a 53
SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found n/a n/a 12
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Control the use of Storage Accounts in a Virtual Enclave ca122c06-05f6-4423-9018-ccb523168eb2 VirtualEnclaves Preview BuiltIn
[Preview]: Sovereignty Baseline - Confidential Policies 03de05a4-c324-4ccd-882f-a814ea8ab9ea Regulatory Compliance Preview BuiltIn
Deny or Audit resources without Encryption with a customer-managed key (CMK) Enforce-Encryption-CMK Encryption GA ALZ
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-02-18 17:44:00 add f0e5abd0-2554-4736-b7c0-4ffef23475ef