| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State | Type |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Azure API for FHIR should use a customer-managed key to encrypt data at rest | 051cba44-2429-45b9-9649-46cec11c7119 | API for FHIR | Default: Audit; Allowed: audit, Audit, disabled, Disabled | 0 | | GA | BuiltIn |
| Azure Batch account should use customer-managed keys to encrypt data | 99e9ccd8-3db9-4592-b0d1-14b1715a4d8a | Batch | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest | 1f905d99-2ab7-462c-a6b0-f709acca6c8f | Cosmos DB | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA | BuiltIn |
| Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password | 86efb160-8de7-451d-bc08-5d475b0aadae | Data Box | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Machine Learning workspaces should be encrypted with a customer-managed key | ba769a63-b8cc-4b2d-abf6-ac33c7204be8 | Machine Learning | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Stream Analytics jobs should use customer-managed keys to encrypt data | 87ba29ef-1ab3-4d82-b763-87fcd4f531f7 | Stream Analytics | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA | BuiltIn |
| Azure Synapse workspaces should use customer-managed keys to encrypt data at rest | f7d52b2d-e161-4dfa-a82b-55e564167385 | Synapse | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys | 7d7be79c-23ba-4033-84dd-45e2a5ccdd67 | Kubernetes | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Cognitive Services accounts should enable data encryption with a customer-managed key | 67121cc7-ff39-4ab8-b7e3-95b84dab487d | Cognitive Services | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Container registries should be encrypted with a customer-managed key | 5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 | Container Registry | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| MySQL servers should use customer-managed keys to encrypt data at rest | 83cef61d-dbd1-4b20-a4fc-5fbc7da10833 | SQL | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA | BuiltIn |
| PostgreSQL servers should use customer-managed keys to encrypt data at rest | 18adea5e-f416-4d0f-8aa8-d24321e3e274 | SQL | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA | BuiltIn |
| SQL servers should use customer-managed keys to encrypt data at rest | 0a370ff3-6cab-4e85-8995-295fd854c5b8 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Storage accounts should use customer-managed key for encryption | 6fac406b-40ca-413b-bf8e-0bf964659c25 | Storage | Default: Audit; Allowed: Audit, Disabled | 0 | | GA | BuiltIn |
| Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources | 0961003e-5a0a-4549-abde-af6a37f2724d | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA | BuiltIn |