AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Azure Cognitive Search services should use customer-managed keys to encrypt data at rest

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure Cognitive Search services should use customer-managed keys to encrypt data at rest
Id 76a56461-9dc0-40f0-82f5-2453283afa2f
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Search
Microsoft Learn
Description Enabling encryption at rest using a customer-managed key on your Azure Cognitive Search services provides additional control over the key used to encrypt data at rest. This feature is often applicable to customers with special compliance requirements to manage data encryption keys using a key vault.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Search/searchServices/encryptionWithCmk.encryptionComplianceStatus Microsoft.Search searchServices properties.encryptionWithCmk.encryptionComplianceStatus True False
Microsoft.Search/searchServices/encryptionWithCmk.enforcement Microsoft.Search searchServices properties.encryptionWithCmk.enforcement True False
Rule resource types IF (1)
Microsoft.Search/searchServices
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
Deny or Audit resources without Encryption with a customer-managed key (CMK) Enforce-Encryption-CMK Encryption GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-07-30 15:17:20 add 76a56461-9dc0-40f0-82f5-2453283afa2f
JSON compare n/a
JSON
api-version=2021-06-01
EPAC