standard
turbot/azure_compliance

Trigger: Detect & correct Compute disks not encrypted with CMK

Detect Compute disks not encrypted with CMK then encrypt with CMK.

Query

select
concat(id, ' [', subscription_id, '/', resource_group, ']') as title,
name,
resource_group,
subscription_id,
_ctx ->> 'connection_name' as conn
from
azure_compute_disk
where
disk_state = 'Attached'
and encryption_type <> 'EncryptionAtRestWithCustomerKey';

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/Compute