Policy: Azure > AI Foundry > Account > Encryption at Rest

Define the Encryption at Rest settings required for Azure > AI Foundry > Account.

Encryption at Rest refers specifically to the encryption of data when written to the underlying Cognitive Services storage. This control determines whether the account is encrypted at rest with a Microsoft managed key (the Azure default) or a customer managed key sourced from Azure Key Vault.

The Encryption at Rest control compares the encryption settings against this policy and the Customer Managed Key sub-policy, raises an alarm on mismatch, and takes the defined enforcement action.

Targets

This policy targets the following resource types:

Azure > AI Foundry > Account

Customer Managed Key

Controls

Setting this policy configures this control:

Azure > AI Foundry > Account > Encryption at Rest

Policy Specification

Schema Type	`string`
Default	`Skip`
Valid Values [YAML]	`Skip` `Check: Microsoft managed key` `Check: Customer managed key` `Check: Encryption at Rest > Customer Managed Key` `Enforce: Microsoft managed key` `Enforce: Customer managed key` `Enforce: Encryption at Rest > Customer Managed Key`
Examples [YAML]	`Check: Microsoft managed key`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/resourceEncryptionAtRest

Policy Type URI

tmod:@turbot/azure-aifoundry#/policy/types/accountEncryptionAtRest

GraphQL

query policyType(id: "tmod:@turbot/azure-aifoundry#/policy/types/accountEncryptionAtRest") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-aifoundry#/policy/types/accountEncryptionAtRest'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-aifoundry#/policy/types/accountEncryptionAtRest'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-aifoundry#/policy/types/accountEncryptionAtRest"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-aifoundry#/policy/types/accountEncryptionAtRest"

Policy: Azure > AI Foundry > Account > Encryption at Rest

Targets

This policy targets the following resource types:

Azure > AI Foundry > Account

Customer Managed Key

Controls

Setting this policy configures this control:

Azure > AI Foundry > Account > Encryption at Rest

Policy Specification

Schema Type	`string`
Default	`Skip`
Valid Values [YAML]	`Skip` `Check: Microsoft managed key` `Check: Customer managed key` `Check: Encryption at Rest > Customer Managed Key` `Enforce: Microsoft managed key` `Enforce: Customer managed key` `Enforce: Encryption at Rest > Customer Managed Key`
Examples [YAML]	`Check: Microsoft managed key`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/resourceEncryptionAtRest

Policy Type URI

tmod:@turbot/azure-aifoundry#/policy/types/accountEncryptionAtRest

GraphQL

query policyType(id: "tmod:@turbot/azure-aifoundry#/policy/types/accountEncryptionAtRest") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-aifoundry#/policy/types/accountEncryptionAtRest'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-aifoundry#/policy/types/accountEncryptionAtRest'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-aifoundry#/policy/types/accountEncryptionAtRest"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-aifoundry#/policy/types/accountEncryptionAtRest"

Policy: Azure > AI Foundry > Account > Encryption at Rest

Targets

Related Policies

Controls

Policy Specification

Category

In Your Workspace

Developers

Policy: Azure > AI Foundry > Account > Encryption at Rest

Targets

Related Policies

Controls

Policy Specification

Category

In Your Workspace

Developers