Homepage

Security Center default policy setting 'Monitor Disk Encryption' is not enabled Affecting Security Center service in Azure

Severity

0.0
medium
0
10
Severity Framework
Snyk CCSS
Rule category
Monitoring/ Data

Is your environment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
Frameworks
CIS-AzureCIS-ControlsCSA-CCMGDPRHIPAASOC-2
  • Snyk IDSNYK-CC-00667
  • creditSnyk Research Team
Report a new misconfiguration Found a mistake?

Description

This policy setting recommends enabling disk encryption in all virtual machines to enhance data protection at rest.

How to fix?

Set policy_definition_id to /providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d, and set enforce to true or remove the attribute.

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        "type": "Microsoft.Authorization/policyAssignments",
            "apiVersion": "2022-06-01",
            "name": "allowed",
            "location": "[resourceGroup().location]",
            "identity": {
                "type": "SystemAssigned"
            },
            "properties": {
                "description": "By default, a virtual machine's OS and data disks are encrypted-at-rest using platform-managed keys. Temp disks, data caches and data flowing between compute and storage aren't encrypted",
                "displayName": "Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources",
                "enforcementMode": "Default",
                "metadata": {},
                "parameters": {},
                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d"
            }
    ]
}