Policy: Azure > Storage > Storage Account > Approved > Infrastructure Encryption

Determine whether the Azure Storage storage account is allowed to have a Infrastructure Encryption enabled.

This policy will be evaluated by the Approved control. If an Azure Storage Storage Account is not approved, it will be subject to the action specified in the Azure > Storage > Storage Account > Approved policy.

See Approved for more information.

Resource Types

This policy targets the following resource types:

Azure > Storage > Storage Account

Primary Policy

This policy is used with the following primary policy:

Azure > Storage > Storage Account > Approved

Controls

Azure > Storage > Storage Account > Approved

Policy Packs

This policy setting is used by the following policy packs:

Azure CIS v2.0.0 - Section 3 - Storage Accounts

Policy Specification

Schema Type	`string`
Default	`Skip`
Valid Values [YAML]	`Skip` `Approved if enabled` `Approved if disabled`
Examples [YAML]	`Approved if enabled`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/resourceApproved

Policy Type URI

tmod:@turbot/azure-storage#/policy/types/storageAccountApprovedInfrastructureEncryption

GraphQL

query policyType(id: "tmod:@turbot/azure-storage#/policy/types/storageAccountApprovedInfrastructureEncryption") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-storage#/policy/types/storageAccountApprovedInfrastructureEncryption'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-storage#/policy/types/storageAccountApprovedInfrastructureEncryption'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-storage#/policy/types/storageAccountApprovedInfrastructureEncryption"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-storage#/policy/types/storageAccountApprovedInfrastructureEncryption"