Control: Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password
Description
Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.databox_job_unlock_password_encrypted_with_cmkSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.databox_job_unlock_password_encrypted_with_cmk --shareSQL
This control uses a named query:
manual_control