Ensure that your Microsoft Azure virtual machines (VMs) are configured to use managed disk volumes for reliable, efficient and simplified disk management. A managed disk is an abstraction of current Standard/Premium storage disk in Azure Storage. Managed disks provide granular access control with RBAC and better reliability for the virtual machines deployed within an Azure Availability Set.
The main benefits of using managed disk volumes for VMs are:
High availability (HA) - the managed disk volumes have a 99.99% SLA in all Availability Zones (AZs).
High fault tolerance - the managed disks provisioned within an Azure Availability Set are spread across multiple storage fault domains to protect against single points of failure.
High scalability - can be deployed up to 50,000 managed disk volumes per Azure subscription per region.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
efficiency
For best performance, scalability, reliability and access control, Cloud Conformity recommends using Azure managed disk volumes for most virtual machine (VM) configurations. Azure unmanaged disk volumes should be used only to support rare scenarios or to manage disk VHDs within your own storage account.
Audit
To determine if your Azure virtual machines are using managed disk volumes, perform the following actions:
Remediation / Resolution
To convert any unmanaged disk volumes attached to your Azure virtual machines to managed disk volumes, perform the following actions:
Note: The source unmanaged VM disks are not deleted after the migration to managed disks. The managed disks are created by making a copy of the source disks. The configuration of the selected Microsoft Azure virtual machines is not changed after the migration is completed.References
- Azure Official Documentation
- Introduction to Azure managed disks
- Convert a Linux virtual machine from unmanaged disks to managed disks
- Azure PowerShell Documentation
- az vm list
- az vm show
- az vm deallocate
- az vm convert
- az vm start