last sync: 2024-Apr-24 17:47:19 UTC

Deny or Audit resources without Encryption with a customer-managed key (CMK)

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source: Repository Azure Landing Zones (ALZ) GitHub
JSON: Enforce-Encryption-CMK
Display name: Deny or Audit resources without Encryption with a customer-managed key (CMK)
Id: Enforce-Encryption-CMK
Version: 2.0.0
Category: Encryption
Description: Deny or Audit resources without Encryption with a customer-managed key (CMK)
Type: Custom Azure Landing Zones (ALZ)
Deprecated: False
Preview: False
Policy count:
Total Policies: 15
Builtin Policies: 15
Static Policies: 0
ALZ Policies: 0
Policy used
| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State | Type |
|---|---|---|---|---|---|---|---|
| Azure API for FHIR should use a customer-managed key to encrypt data at rest | 051cba44-2429-45b9-9649-46cec11c7119 | API for FHIR | Default: Audit; Allowed: audit, Audit, disabled, Disabled | 0 | | GA | BuiltIn |
| Azure Batch account should use customer-managed keys to encrypt data | 99e9ccd8-3db9-4592-b0d1-14b1715a4d8a | Batch | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest | 1f905d99-2ab7-462c-a6b0-f709acca6c8f | Cosmos DB | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA | BuiltIn |
| Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password | 86efb160-8de7-451d-bc08-5d475b0aadae | Data Box | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Machine Learning workspaces should be encrypted with a customer-managed key | ba769a63-b8cc-4b2d-abf6-ac33c7204be8 | Machine Learning | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Stream Analytics jobs should use customer-managed keys to encrypt data | 87ba29ef-1ab3-4d82-b763-87fcd4f531f7 | Stream Analytics | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA | BuiltIn |
| Azure Synapse workspaces should use customer-managed keys to encrypt data at rest | f7d52b2d-e161-4dfa-a82b-55e564167385 | Synapse | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys | 7d7be79c-23ba-4033-84dd-45e2a5ccdd67 | Kubernetes | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Cognitive Services accounts should enable data encryption with a customer-managed key | 67121cc7-ff39-4ab8-b7e3-95b84dab487d | Cognitive Services | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Container registries should be encrypted with a customer-managed key | 5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 | Container Registry | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| MySQL servers should use customer-managed keys to encrypt data at rest | 83cef61d-dbd1-4b20-a4fc-5fbc7da10833 | SQL | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA | BuiltIn |
| PostgreSQL servers should use customer-managed keys to encrypt data at rest | 18adea5e-f416-4d0f-8aa8-d24321e3e274 | SQL | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA | BuiltIn |
| SQL servers should use customer-managed keys to encrypt data at rest | 0a370ff3-6cab-4e85-8995-295fd854c5b8 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Storage accounts should use customer-managed key for encryption | 6fac406b-40ca-413b-bf8e-0bf964659c25 | Storage | Default: Audit; Allowed: Audit, Disabled | 0 | | GA | BuiltIn |
| Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources | 0961003e-5a0a-4549-abde-af6a37f2724d | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA | BuiltIn |
Roles used
No Roles used
History: none