Policy DisplayName |
Policy Id |
Category |
Effect |
Roles# |
Roles |
State |
[Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data |
2e94d99a-8a36-4563-bc77-810d8893b671 |
Backup |
Default Audit Allowed Audit, Deny, Disabled |
0 |
|
Preview |
Allowed locations |
e56962a6-4747-49cd-b67b-bf8b01975c4c |
General |
Fixed deny |
0 |
|
GA |
Allowed locations for resource groups |
e765b5de-1225-4ba3-bd56-1ac6695af988 |
General |
Fixed deny |
0 |
|
GA |
Allowed resource types |
a08ec900-254a-4555-9bf5-e42af04b5c5c |
General |
Fixed deny |
0 |
|
GA |
Allowed virtual machine size SKUs |
cccc23c7-8427-4f53-ad12-b6a63eb452b3 |
Compute |
Fixed Deny |
0 |
|
GA |
Azure Cosmos DB allowed locations |
0473574d-2d43-4217-aefe-941fcdf7e684 |
Cosmos DB |
Default Deny Allowed audit, Audit, deny, Deny, disabled, Disabled |
0 |
|
GA |
Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys |
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 |
Kubernetes |
Default Audit Allowed Audit, Deny, Disabled |
0 |
|
GA |
HPC Cache accounts should use customer-managed key for encryption |
970f84d8-71b6-4091-9979-ace7e3fb6dbb |
Storage |
Default Audit Allowed Audit, Disabled, Deny |
0 |
|
GA |
Managed disks should be double encrypted with both platform-managed and customer-managed keys |
ca91455f-eace-4f96-be59-e6e2c35b4816 |
Compute |
Default Audit Allowed Audit, Deny, Disabled |
0 |
|
GA |
MySQL servers should use customer-managed keys to encrypt data at rest |
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 |
SQL |
Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
0 |
|
GA |
PostgreSQL servers should use customer-managed keys to encrypt data at rest |
18adea5e-f416-4d0f-8aa8-d24321e3e274 |
SQL |
Default AuditIfNotExists Allowed AuditIfNotExists, Disabled |
0 |
|
GA |
Queue Storage should use customer-managed key for encryption |
f0e5abd0-2554-4736-b7c0-4ffef23475ef |
Storage |
Default Audit Allowed Audit, Deny, Disabled |
0 |
|
GA |
SQL managed instances should use customer-managed keys to encrypt data at rest |
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 |
SQL |
Default Audit Allowed Audit, Deny, Disabled |
0 |
|
GA |
SQL servers should use customer-managed keys to encrypt data at rest |
0a370ff3-6cab-4e85-8995-295fd854c5b8 |
SQL |
Default Audit Allowed Audit, Deny, Disabled |
0 |
|
GA |
Storage account encryption scopes should use customer-managed keys to encrypt data at rest |
b5ec538c-daa0-4006-8596-35468b9148e8 |
Storage |
Default Audit Allowed Audit, Deny, Disabled |
0 |
|
GA |
Storage accounts should use customer-managed key for encryption |
6fac406b-40ca-413b-bf8e-0bf964659c25 |
Storage |
Default Audit Allowed Audit, Disabled |
0 |
|
GA |
Table Storage should use customer-managed key for encryption |
7c322315-e26d-4174-a99e-f49d351b4688 |
Storage |
Default Audit Allowed Audit, Deny, Disabled |
0 |
|
GA |