last sync: 2024-Sep-18 17:50:24 UTC

[Preview]: Azure Backup Vaults should use customer-managed keys for encrypting backup data. Also an option to enforce Infra Encryption.

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Preview]: Azure Backup Vaults should use customer-managed keys for encrypting backup data. Also an option to enforce Infra Encryption.
Id d6588149-9f06-462c-a076-56aece45b5ba
Version 1.0.0-preview
Versioning Versions supported for Versioning: 1
1.0.0-preview
Category Backup
Description This policy follows the 'effect' if Encryption Settings are enabled for Backup vaults in the scope. Additionally, option to check if Backup Vault also has Infrastructure Encryption enabled. Learn more at https://aka.ms/az-backup-vault-encryption-at-rest-with-cmk. Please note that when 'Deny' effect is used, it would need you to enable Encryption Settings on the existing Backup Vaults in order to allow other update operations on the vault go through.
Mode Indexed
Type BuiltIn
Preview True
Deprecated False
Effect Default: Audit
Effect Allowed: Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.DataProtection/backupVaults/securitySettings.encryptionSettings.infrastructureEncryption Microsoft.DataProtection BackupVaults properties.securitySettings.encryptionSettings.infrastructureEncryption True False
Microsoft.DataProtection/backupVaults/securitySettings.encryptionSettings.state Microsoft.DataProtection BackupVaults properties.securitySettings.encryptionSettings.state True False
Rule resource types IF (1)
Microsoft.DataProtection/backupvaults
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) Change type Change detail
2024-03-25 19:17:21 add d6588149-9f06-462c-a076-56aece45b5ba
api-version=2021-06-01