Ensure that your detached Microsoft Azure virtual machine (VM) disk volumes are encrypted in order to meet security and compliance requirements. Encryption and decryption of unattached disk volumes is handled transparently and requires no additional action from you, your Azure virtual machine, or your application.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
By encrypting disk volumes detached from your Microsoft Azure virtual machines, you have the assurance that your data is unrecoverable without the encryption key, which protects it from unwarranted reads. Even if the disk volumes are not attached to any of the VMs provisioned within your Azure cloud account, there is always a risk that a compromised user account with administrative privileges could mount/attach these unencrypted disks, and this action can lead to sensitive information disclosure and/or data leakage.
To determine if encryption at rest is enabled for your unattached VM disk volumes, perform the following actions:

Note: Getting the encryption status for the detached Azure VM disk volumes using Microsoft Azure Management Console (Azure Portal) is not currently supported.
Remediation / Resolution
To enable encryption for your unattached Microsoft Azure VM disk volumes, perform the following actions:

Note: Enabling encryption at rest for detached Azure VM disk volumes using Microsoft Azure Management Console (Azure Portal) is not currently supported.
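One way to run the audit described above over the JSON that `az disk list -o json` returns, added here as an example and not part of the Cloud Conformity rule content. The pass criterion (Azure Disk Encryption enabled or a customer-managed key in use; a platform-managed key alone is flagged) and the sample disk records are assumptions, as are the `diskState`, `encryption` and `encryptionSettingsCollection` fields as exposed by the Disks API.

```python
import json

# Constructed sample shaped like `az disk list -o json` output (not real data).
SAMPLE_DISKS = json.loads("""[
  {"name": "disk-a", "resourceGroup": "rg1", "diskState": "Unattached",
   "encryption": {"type": "EncryptionAtRestWithCustomerKey",
     "diskEncryptionSetId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des-example"},
   "encryptionSettingsCollection": null},
  {"name": "disk-b", "resourceGroup": "rg1", "diskState": "Unattached",
   "encryption": {"type": "EncryptionAtRestWithPlatformKey"},
   "encryptionSettingsCollection": null},
  {"name": "disk-c", "resourceGroup": "rg2", "diskState": "Unattached",
   "encryption": {"type": "EncryptionAtRestWithPlatformKey"},
   "encryptionSettingsCollection": {"enabled": true}},
  {"name": "disk-d", "resourceGroup": "rg2", "diskState": "Attached",
   "encryption": {"type": "EncryptionAtRestWithPlatformKey"},
   "encryptionSettingsCollection": null}
]""")


def is_unattached(disk):
    # A managed disk not bound to any VM reports diskState "Unattached".
    return disk.get("diskState") == "Unattached"


def encryption_mode(disk):
    """Classify a disk as 'ADE', 'CMK', 'PMK' or 'none'."""
    settings = disk.get("encryptionSettingsCollection") or {}
    if settings.get("enabled"):
        return "ADE"   # Azure Disk Encryption (BitLocker / dm-crypt) enabled
    sse_type = (disk.get("encryption") or {}).get("type", "")
    if "CustomerKey" in sse_type:
        return "CMK"   # server-side encryption with a customer-managed key
    return "PMK" if sse_type else "none"   # platform-managed key only, or unknown


def audit_unattached_disks(disks, require=("ADE", "CMK")):
    """Return (name, resourceGroup, mode) for unattached disks whose
    encryption mode is not one of the required modes (assumed criterion)."""
    findings = []
    for disk in disks:
        if is_unattached(disk):
            mode = encryption_mode(disk)
            if mode not in require:
                findings.append((disk["name"], disk["resourceGroup"], mode))
    return findings


if __name__ == "__main__":
    for name, rg, mode in audit_unattached_disks(SAMPLE_DISKS):
        print(f"{rg}/{name}: unattached disk, encryption mode {mode}")
```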
You are auditing:
Enable Encryption for Unattached Disk Volumes
Risk level: High