last sync: 2024-Sep-18 17:50:24 UTC

Encryption for storage services should be enforced for Storage Accounts

Azure Landing Zones (ALZ) Policy definition

Source repository: Azure Landing Zones (ALZ) GitHub
JSON: Deny-Storage-ServicesEncryption
Display name: Encryption for storage services should be enforced for Storage Accounts
Id: Deny-Storage-ServicesEncryption
Version: 1.0.0
Category: Storage
Description: Azure Storage accounts should enforce encryption for all storage services. Enforce this for increased encryption scope.
Mode: All
Type: Custom Azure Landing Zones (ALZ)
Preview: False
Deprecated: False
Effect (default): Deny
Effect (allowed): Audit, Deny, Disabled
RBAC role(s): none
Rule aliases IF (4)

| Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft.Storage/storageAccounts/encryption.services.blob.enabled | Microsoft.Storage | storageAccounts | properties.encryption.services.blob.enabled | True | | False |
| Microsoft.Storage/storageAccounts/encryption.services.file.enabled | Microsoft.Storage | storageAccounts | properties.encryption.services.file.enabled | True | | False |
| Microsoft.Storage/storageAccounts/encryption.services.queue.keyType | Microsoft.Storage | storageAccounts | properties.encryption.services.queue.keyType | True | | False |
| Microsoft.Storage/storageAccounts/encryption.services.table.keyType | Microsoft.Storage | storageAccounts | properties.encryption.services.table.keyType | True | | False |
Rule resource types IF (1)
Microsoft.Storage/storageAccounts
Initiatives usage

| Initiative DisplayName | Initiative Id | Initiative Category | State |
| --- | --- | --- | --- |
| Enforce recommended guardrails for Storage Account | Enforce-Guardrails-Storage | Storage | GA |
History

| Date/Time (UTC ymd) | Change type | Change detail |
| --- | --- | --- |
| 2024-06-03 17:39:43 | add | Deny-Storage-ServicesEncryption |

JSON compare: n/a