Security Center default policy setting 'Monitor Disk Encryption' is not enabled Affecting Security Center service in Azure
Severity Framework: Snyk CCSS
Rule category: Monitoring / Data
Frameworks
CIS-Azure
CIS-Controls
CSA-CCM
GDPR
HIPAA
SOC-2
- Snyk ID SNYK-CC-00667
- Credit: Snyk Research Team
Description
This policy setting recommends enabling disk encryption in all virtual machines to enhance data protection at rest.
How to fix?
Set policy_definition_id to /providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d, and set enforce to true or remove the attribute (it defaults to enforced).
Example Configuration
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Authorization/policyAssignments",
      "apiVersion": "2022-06-01",
      "name": "allowed",
      "location": "[resourceGroup().location]",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "description": "By default, a virtual machine's OS and data disks are encrypted-at-rest using platform-managed keys. Temp disks, data caches and data flowing between compute and storage aren't encrypted",
        "displayName": "Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources",
        "enforcementMode": "Default",
        "metadata": {},
        "parameters": {},
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d"
      }
    }
  ]
}
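As an added example (not Snyk's rule engine and not part of this page), the check below implements the rule's logic over a parsed ARM template: it flags a template that has no policy assignment referencing the definition ID above, or whose assignment sets enforcementMode to "DoNotEnforce" (the ARM counterpart of the Terraform enforce = false the fix text refers to). The two sample templates are constructed here.

```python
import copy

# Policy definition the rule looks for (taken from the "How to fix" section).
MONITOR_DISK_ENCRYPTION_ID = (
    "/providers/Microsoft.Authorization/policyDefinitions/"
    "0961003e-5a0a-4549-abde-af6a37f2724d"
)

def check_disk_encryption_policy(template: dict) -> list[str]:
    """Return findings for an ARM template; an empty list means compliant.

    Compliant: a Microsoft.Authorization/policyAssignments resource references
    the disk-encryption definition and is enforced (enforcementMode omitted or
    "Default"; "DoNotEnforce" only audits, the ARM equivalent of enforce=false).
    """
    findings = []
    assignments = [
        r for r in template.get("resources", [])
        if r.get("type") == "Microsoft.Authorization/policyAssignments"
    ]
    # Azure resource IDs are case-insensitive, so compare lower-cased.
    matching = [
        a for a in assignments
        if a.get("properties", {}).get("policyDefinitionId", "").lower()
        == MONITOR_DISK_ENCRYPTION_ID.lower()
    ]
    if not matching:
        return ["no policyAssignments resource references the Monitor Disk Encryption definition"]
    for a in matching:
        mode = a.get("properties", {}).get("enforcementMode", "Default")
        if mode != "Default":
            findings.append(
                f"assignment {a.get('name')!r} has enforcementMode {mode!r}; "
                "set it to 'Default' or remove it"
            )
    return findings

# Constructed sample templates (hypothetical input for the check above).
COMPLIANT_TEMPLATE = {
    "resources": [{
        "type": "Microsoft.Authorization/policyAssignments",
        "name": "monitor-disk-encryption",
        "properties": {"policyDefinitionId": MONITOR_DISK_ENCRYPTION_ID},
    }]
}
UNENFORCED_TEMPLATE = copy.deepcopy(COMPLIANT_TEMPLATE)
UNENFORCED_TEMPLATE["resources"][0]["properties"]["enforcementMode"] = "DoNotEnforce"

print(check_disk_encryption_policy(COMPLIANT_TEMPLATE) or "OK")   # OK
print(check_disk_encryption_policy(UNENFORCED_TEMPLATE))          # one finding
```

Run it against `json.load()` of your own deployment template; a template with no policyAssignments resource at all is reported the same way as one that points at a different definition.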