Control: Storage accounts should use Microsoft-managed key for encryption
Description
Use Microsoft-managed key to encrypt your storage account. Microsoft-managed key is the default and simplest option for encryption at rest.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.storage_account_encryption_at_rest_using_mmkSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.storage_account_encryption_at_rest_using_mmk --shareSQL
This control uses a named query:
select sa.id as resource, case when sa.encryption_key_source = 'Microsoft.Storage' then 'ok' else 'alarm' end as status, case when sa.encryption_key_source = 'Microsoft.Storage' then sa.name || ' encrypted with MMK.' else sa.name || ' not encrypted with MMK.' end as reason , sa.resource_group as resource_group , sub.display_name as subscriptionfrom azure_storage_account sa, azure_subscription subwhere sub.subscription_id = sa.subscription_id;