Policy: Azure > CIS v4.0 > 10 - Storage Services > 10.01 - Azure Files

This subsection covers security recommendations for Azure Files, a fully managed file share service in the cloud. These recommendations focus on enabling soft delete for file shares and securing SMB protocol settings to protect data in transit and at rest.

Primary Policy

This policy is used with the following primary policy:

Azure > CIS v4.0 > 10 - Storage Services

10.01.01 - Ensure soft delete for Azure File Shares is Enabled
10.01.02 - Ensure 'SMB protocol version' is set to 'SMB 3.1.1' or higher for SMB file shares
10.01.03 - Ensure 'SMB channel encryption' is set to 'AES-256-GCM' or higher for SMB file shares

Policy Specification

Schema Type	`string`
Default	`Per Azure > CIS v4.0 > 10 - Storage Services`
Valid Values [YAML]	`Per Azure > CIS v4.0 > 10 - Storage Services` `Skip` `Check: All CIS Benchmarks except attestations` `Check: All CIS Benchmarks`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/cis

Policy Type URI

tmod:@turbot/azure-cisv4-0#/policy/types/s1001

GraphQL

query policyType(id: "tmod:@turbot/azure-cisv4-0#/policy/types/s1001") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/s1001'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/s1001'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-cisv4-0#/policy/types/s1001"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv4-0#/policy/types/s1001"

Policy: Azure > CIS v4.0 > 10 - Storage Services > 10.01 - Azure Files

Primary Policy

Related Policies

Policy Specification

Category

In Your Workspace

Developers