Control: Unattached Compute disks should be encrypted with ADE/CMK
Description
This policy identifies the disks which are unattached and are encrypted with default encryption instead of ADE/CMK. Azure encrypts disks by default Server-Side Encryption (SSE) with platform-managed keys [SSE with PMK]. It is recommended to use either SSE with Azure Disk Encryption [SSE with PMK+ADE] or Customer Managed Key [SSE with CMK] which improves on platform-managed keys by giving you control of the encryption keys to meet your compliance need.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.compute_disk_unattached_encrypted_with_cmkSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.compute_disk_unattached_encrypted_with_cmk --shareSQL
This control uses a named query:
compute_disk_unattached_encrypted_with_cmk