Azure_VM_2

Ensure that Data disks are encrypted

Description

Ensure that data disks (non-boot volumes) are encrypted, where possible.

Remediation

Perform the following in the Azure Console:

Follow Microsoft Azure documentation.

Perform the following in Azure Command Line Interface 2.0:

Use the following command to enable encryption of the data disks (non-boot volumes, selected by --volume-type DATA) of a specific VM.

az vm encryption enable --name <VMName> --resource-group <resourceGroupName> --volume-type DATA --aad-client-id <Client ID of AAD app> --aad-client-secret <Client Secret of AAD app> --disk-encryption-keyvault https://<vaultEndpoint>/secrets/<secretName>/<secretVersion>
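
Added example (not part of this check's original text): a small audit helper that evaluates the JSON returned by az vm encryption show for a VM and lists data disks that are not reported as encrypted, which is the condition this check flags. The two JSON shapes, the disk names and the status codes are constructed here as illustrative assumptions modelled on Azure Disk Encryption status output; the rule that a disk whose name contains "osdisk" is the boot volume is also an assumption, so the script runs offline without an Azure subscription.

```python
"""Audit `az vm encryption show` output for unencrypted data disks.

Added example; the JSON below is constructed and is an assumption about the
status shapes Azure Disk Encryption reports, not output captured from a VM.
"""
import json
from typing import List

# Constructed sample (assumption): per-disk status shape. The OS disk and the
# first data disk are encrypted, the second data disk is not.
SAMPLE_PER_DISK = json.dumps({
    "disks": [
        {"name": "vm01_OsDisk", "statuses": [
            {"code": "EncryptionState/encrypted",
             "displayStatus": "Encryption is enabled on disk"}]},
        {"name": "vm01_datadisk_0", "statuses": [
            {"code": "EncryptionState/encrypted",
             "displayStatus": "Encryption is enabled on disk"}]},
        {"name": "vm01_datadisk_1", "statuses": [
            {"code": "EncryptionState/notEncrypted",
             "displayStatus": "Encryption is not enabled"}]},
    ]
})

# Constructed sample (assumption): older summary shape, one field per volume type.
SAMPLE_SUMMARY = json.dumps(
    {"osDisk": "Encrypted", "dataDisk": "NotEncrypted", "osType": "Linux"})

ENCRYPTED_CODE = "EncryptionState/encrypted"


def unencrypted_data_disks(show_json: str) -> List[str]:
    """Return the data disks (by name, or by summary state) not reported as encrypted.

    Handles both constructed shapes: a per-disk "disks" list with status codes,
    or a summary object with a single "dataDisk" state string.
    """
    data = json.loads(show_json)
    if "disks" in data:
        findings = []
        for disk in data["disks"]:
            name = disk.get("name", "")
            # Assumption: the boot volume is recognised by "osdisk" in its name;
            # this check is only about non-boot volumes, so skip it.
            if "osdisk" in name.lower():
                continue
            codes = {s.get("code", "") for s in disk.get("statuses", [])}
            if ENCRYPTED_CODE not in codes:
                findings.append(name)
        return findings
    # Summary shape: one state string covers every data disk on the VM.
    state = data.get("dataDisk", "NotEncrypted")
    return [] if state == "Encrypted" else ["dataDisk:" + state]


def check_passes(show_json: str) -> bool:
    """True when the VM has no unencrypted data disk (the check's pass condition)."""
    return not unencrypted_data_disks(show_json)


if __name__ == "__main__":
    for label, sample in (("per-disk", SAMPLE_PER_DISK), ("summary", SAMPLE_SUMMARY)):
        findings = unencrypted_data_disks(sample)
        verdict = "PASS" if not findings else "FAIL: " + ", ".join(findings)
        print(f"{label}: {verdict}")
```

In practice the JSON would come from az vm encryption show --name <VMName> --resource-group <resourceGroupName> run against each VM in scope; a FAIL result is the cue to apply the remediation command above to that VM.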

References:

  1. https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption
  2. https://docs.microsoft.com/en-us/azure/security-center/security-center-disk-encryption?toc=%2fazure%2fsecurity%2ftoc.json

Service

Virtual Machines

Severity

Medium

Compliance

Mapping
