turbot/azure_compliance

Control: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources

Description

By default, a virtual machine's OS and data disks are encrypted at rest with platform-managed keys (server-side encryption of Managed Disks). The temp disk, the OS and data disk caches, and the data flowing between the Compute host and the Storage service are not covered by that encryption. Enabling encryption at host closes this gap: the temp disk and disk caches are encrypted on the VM host, and data flows to Storage encrypted end to end. Disregard this recommendation if either (1) encryption at host is enabled, or (2) server-side encryption of Managed Disks alone meets your security requirements. Learn more in: Server-side encryption of Azure Disk Storage: https://aka.ms/disksse, Different disk encryption offerings: https://aka.ms/diskencryptioncomparison

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.compute_vm_temp_disks_cache_and_data_flows_encrypted

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.compute_vm_temp_disks_cache_and_data_flows_encrypted --share

SQL

This control uses a named query:

manual_control

manual_control evaluates no resources: Powerpipe returns an informational result stating that manual verification is required, rather than an ok/alarm per VM. Whether encryption at host is enabled on each VM, and whether plain server-side encryption of Managed Disks is acceptable under your own requirements, has to be checked and recorded by the reviewer.
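The following Steampipe query is an added example, not part of the azure_compliance mod, that gathers the evidence this manual control asks for. It assumes the Steampipe Azure plugin's azure_compute_virtual_machine table exposes the VM's security profile as a JSON column named security_profile carrying the encryptionAtHost flag (the same flag az vm show reports under securityProfile.encryptionAtHost), and it follows the resource/status/reason shape the mod's automated controls use so the output can be read alongside them.

```sql
-- Added example, not from the azure_compliance mod: list every VM with its
-- encryption-at-host state so the manual control can be answered from data.
-- Assumption: azure_compute_virtual_machine.security_profile is JSON with an
-- "encryptionAtHost" boolean; a missing or null flag is treated as disabled.
select
  vm.id as resource,
  case
    when (vm.security_profile ->> 'encryptionAtHost')::boolean then 'ok'
    else 'alarm'
  end as status,
  case
    when (vm.security_profile ->> 'encryptionAtHost')::boolean
      then vm.name || ' has encryption at host enabled; temp disk, caches and data flows are encrypted.'
    else vm.name || ' relies on server-side encryption only; temp disk, caches and data flows are not encrypted.'
  end as reason,
  vm.region,
  vm.resource_group,
  sub.display_name as subscription
from
  azure_compute_virtual_machine as vm
  join azure_subscription as sub on sub.subscription_id = vm.subscription_id
order by
  status,
  vm.name;
```

An alarm row is not automatically a finding: per the description, a VM whose workload is satisfied by server-side encryption of Managed Disks may be accepted, but that decision should be recorded against the VM when the manual control's status is set. The cast to boolean sends a null or absent flag to the else branch, so VMs created before the feature was enabled on the subscription show up as alarm rather than being silently skipped.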

Tags