Monitor Blob Encryption
Ensures that Blob Storage Encryption monitoring is enabled
When this setting is enabled, Security Center audits blob encryption in all storage accounts to enhance data at rest protection.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
-
Log into the Microsoft Azure Management Console.
-
Select the “Search resources, services, and docs” option at the top and search for Security Center.
-
Scroll down the “Security Center” and select the “Security policy” option under the “Management” on left navigation panel.
-
On the “Policy Management” page under “Name” column select the “Subscription Name” that needs to be verified.
-
In the “Security Policy” page scroll down and click on the “Azure Security Benchmark”.
-
In the “Azure Security Benchmark” click on the Next button.
-
In the “Azure Security Benchmark”, check for the “Adaptive Application Controls for defining safe applications should be enabled on your machines” Parameter and if it’s set to “Disable” then the encryption is not enabled.
-
Repeat steps number 2 - 7 to check other “Subscriptions” under the “Security Center."
-
Navigate to the “Security Center”, select the “Security policy” and under “Policy Management” select the “Subscription” that needs to enable the “Adaptive Application Controls for defining safe applications should be enabled on your machines.”
-
In the “Security Policy” page scroll down and click on the “Azure Security Benchmark” and click on the “Next” button.
-
Scroll down the page and under “Parameter” choose the “Adaptive Application for defining safe applications should be enabled on your machines” and select the “AuditIfNotExists” option from the dropdown menu and click on the “Save” button at the bottom to make the necessary changes.
-
Repeat steps number 7 - 11 to enable Adaptive Application Controls for Storage Accounts from the Azure Security Center by ensuring AuditIfNotExists setting is used for blob encryption.