Plugin Title Unmanaged Disk Encryption
Cloud AZURE
Category Disks
Description Ensures that unmanaged disks are encrypted
More Info Encrypting unmanaged data disks (non-boot volume) ensures that the entire contents are fully unrecoverable without a key, protecting the volume from unwarranted reads.
AWS Link https://docs.microsoft.com/en-us/azure/security-center/security-center-apply-disk-encryption
Recommended Action Enable Data Disk Encryption on all unmanaged disks


Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for Security Center.
  3. On the "Security Center" page, scroll down the left navigation panel and choose "Recommendations" under "RESOURCE SECURITY HYGIENE."
  4. On the "Security Center - Recommendations" page, if "Disk encryption should be applied on virtual machines" is listed under "Recommendations", then the volume is not protected from unwarranted reads.
  5. Repeat steps number 2 - 4 to check other "Security Recommendations."
  6. Navigate to "Security Center", scroll down the left navigation panel and choose "Recommendations", then on the "Security Center - Recommendations" page follow the instructions to apply encryption to these VMs.
  7. On the "Security Center - Recommendations Disk encryption should be applied on virtual machines" page, scroll down and under "Remediation steps" click on the "Encryption Instructions" link.
  8. On the "Security Center" page, scroll down the left navigation panel and choose the "Security Policy" under the "POLICY & COMPLIANCE."
  9. On the "Security Policy" page, click on the name of the subscription that needs to be reconfigured.
  10. On the "Security policy" page select the "ASC Default" policy assignment to edit the subscription configuration settings.
  11. On the selected policy assignment, scroll down the page and select "AuditIfNotExists" from the "Monitor disk encryption" dropdown list under "Parameters" to enable disk encryption monitoring.
  12. Scroll down the page and click on the "Assign" button to make the changes.
  13. Repeat steps number 6 - 12 to enable Data Disk Encryption on all unmanaged disks.
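
The check that steps 1 - 5 perform by hand can also be run over exported VM descriptions. The script below is an added example, not the plugin's own code: it flags unmanaged (VHD-backed) data disks that have no enabled encryption settings. The input field names are an assumption modeled on the Azure VM resource with its instance view, and the sample VMs are constructed.

```python
# Added example. Constructed input; field names are assumed to follow the
# Azure VM resource with instance view (storageProfile / instanceView).

def unencrypted_unmanaged_disks(vm):
    """Names of unmanaged (VHD-backed) data disks with no enabled encryption."""
    props = vm.get("properties", vm)  # ARM nests under "properties"; CLI output is flat
    # Disk name -> True when any instance-view encryption setting is enabled.
    encrypted = {}
    for d in props.get("instanceView", {}).get("disks", []):
        settings = d.get("encryptionSettings") or []
        encrypted[d.get("name")] = any(s.get("enabled") is True for s in settings)
    findings = []
    for disk in props.get("storageProfile", {}).get("dataDisks", []):
        unmanaged = bool(disk.get("vhd")) and not disk.get("managedDisk")
        # Fail closed: a disk missing from the instance view counts as unencrypted.
        if unmanaged and not encrypted.get(disk.get("name"), False):
            findings.append(disk.get("name"))
    return findings

def scan(vms):
    """Map VM name -> list of failing disk names, omitting VMs that pass."""
    report = {}
    for vm in vms:
        bad = unencrypted_unmanaged_disks(vm)
        if bad:
            report[vm["name"]] = bad
    return report

def _vhd(name):  # helper building a constructed unmanaged data disk entry
    return {"name": name, "vhd": {"uri": f"https://example.invalid/vhds/{name}.vhd"}}

SAMPLE_VMS = [  # constructed sample data, not real resources
    {"name": "vm-a", "properties": {
        "storageProfile": {"dataDisks": [_vhd("data0"), _vhd("data1")]},
        "instanceView": {"disks": [
            {"name": "data0", "encryptionSettings": [{"enabled": True}]},
            {"name": "data1"}]}}},
    {"name": "vm-b", "properties": {  # managed disk: outside this check's scope
        "storageProfile": {"dataDisks": [{"name": "data0", "managedDisk": {"id": "placeholder"}}]},
        "instanceView": {"disks": [{"name": "data0"}]}}},
    {"name": "vm-c", "storageProfile": {"dataDisks": [_vhd("data0")]},  # flat shape
     "instanceView": {"disks": [{"name": "data0", "encryptionSettings": [{"enabled": False}]}]}},
    {"name": "vm-d", "properties": {"storageProfile": {"dataDisks": [_vhd("data0")]}}},
]

if __name__ == "__main__":
    for vm_name, disks in scan(SAMPLE_VMS).items():
        print(f"FAIL {vm_name}: unencrypted unmanaged data disks {disks}")
```

A disk that is absent from the instance view is reported as unencrypted, so a VM whose status could not be read fails the check instead of passing silently.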
