Ensure that the "Monitor Storage Blob Encryption" feature is enabled within your Microsoft Azure cloud account so that Azure Security Center can assess storage accounts for encryption at rest. "Monitor Storage Blob Encryption" applies only to Microsoft Azure Storage resources.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
To protect your data and help you meet security and compliance requirements, Azure Security Center recommends that all Azure Storage resources be encrypted, including blobs, disks, files, queues, tables, and object metadata. Data in Azure Storage is encrypted and decrypted transparently using 256-bit AES encryption and is FIPS 140-2 compliant. With the storage encryption monitoring feature turned on, Azure Security Center can determine if encryption at rest is enabled for your Azure Storage resources.
Audit
To determine if storage encryption monitoring is enabled within Azure Security Center, perform the following actions:
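One way to evaluate this setting offline from an exported policy assignment, as an added example that is not Conformity's own procedure. The assignment name `SecurityCenterBuiltIn` and the parameter `storageEncryptionMonitoringEffect` are assumptions based on Azure Security Center's default policy assignment and do not appear on this page; the sample JSON is constructed.

```python
import json

ASSIGNMENT_NAME = "SecurityCenterBuiltIn"             # assumed default assignment name
PARAMETER_NAME = "storageEncryptionMonitoringEffect"  # assumed parameter name

# Constructed sample: a list response holding one assignment with monitoring off.
SAMPLE_EXPORT = json.dumps({"value": [{
    "name": "SecurityCenterBuiltIn",
    "properties": {"parameters": {
        "storageEncryptionMonitoringEffect": {"value": "Disabled"}}},
}]})


def _assignments(document):
    """Accept one assignment object, a bare list, or a {"value": [...]} list response."""
    if isinstance(document, list):
        return document
    if isinstance(document, dict) and isinstance(document.get("value"), list):
        return document["value"]
    return [document]


def storage_encryption_monitoring(policy_json):
    """Return (status, effect); status is PASS, FAIL, DEFAULT or NOT_FOUND."""
    for item in _assignments(json.loads(policy_json)):
        if not isinstance(item, dict) or item.get("name") != ASSIGNMENT_NAME:
            continue
        params = (item.get("properties") or {}).get("parameters") or {}
        entry = params.get(PARAMETER_NAME)
        if not isinstance(entry, dict) or "value" not in entry:
            return ("DEFAULT", None)  # not overridden; the policy's default effect applies
        effect = str(entry["value"])
        return ("FAIL" if effect.lower() == "disabled" else "PASS", effect)
    return ("NOT_FOUND", None)  # assignment absent from the export


if __name__ == "__main__":
    print(storage_encryption_monitoring(SAMPLE_EXPORT))
```

A `DEFAULT` or `NOT_FOUND` result means the export alone cannot confirm the setting and the subscription's security policy should be checked directly.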
Remediation / Resolution
To enable storage encryption monitoring and recommendations for your Microsoft Azure Storage blob resources, perform the following actions:
Enable Storage Encryption Monitoring
Risk level: Medium