AZ-018 Microsoft Azure

VM OS and data disks are encrypted (ADE/CMK or platform encryption).

VM OS and data disks are encrypted (ADE/CMK or platform encryption).

Domain
Microsoft Azure
Area
Compute
Automated / manual
Automated

Risk if it fails

Unencrypted disks expose data when copied.

If someone copies or steals a virtual disk, encryption keeps it unreadable. Unencrypted disks hand over the full contents to whoever grabs the copy.

How Tess tests it

1 test — each concludes only on cited evidence.

VM OS and data disks are encrypted (ADE/CMK or platform encryption).

Automated
Procedure
Confirm encryption status of VM disks.

Read-only command 

az vm encryption show --name <vm> --resource-group <rg> 2>/dev/null
az disk list --query '[].{Name:name,Enc:encryption.type}' -o table

More in Microsoft Azure

AZ-001 MFA is enforced for all users, especially privileged roles. AZ-002 Number of Global Administrators is limited (typically 2-4). AZ-003 Privileged Identity Management (PIM) provides just-in-time elevation. AZ-004 Legacy/basic authentication is blocked.

Want Tess to test AZ-018 against your evidence?

Book a demo