Description
Managed disks, both attached and unattached, may contain sensitive information, and companies must use customer-managed keys to ensure proper key management (for example, key rotation and key vault monitoring).
Remediation Steps
On Azure Portal
- Go to Disks under resources.
- Select the disk you want to remediate.
- Select Encryption under Settings.
- Under Encryption type, select Encryption at-rest with a customer-managed key.
- From the Disk encryption set drop-down, select an existing disk encryption set.
- Hit Save to save the settings before exiting.
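
To find which disks still need the steps above, the following added example (not part of the original page) audits disk records in the JSON shape returned by `az disk list --output json`. The disk names, resource groups and encryption set ID are constructed sample data, and treating double encryption (platform and customer keys) as compliant is an assumption.

```python
import json

# Encryption types that involve a customer-managed key.
# Assumption: double encryption (platform + customer keys) counts as compliant.
CMK_TYPES = {
    "EncryptionAtRestWithCustomerKey",
    "EncryptionAtRestWithPlatformAndCustomerKeys",
}

# Constructed sample, trimmed to the fields used here. For real data, load the
# output of `az disk list --output json` with json.load() instead.
SAMPLE_DISKS = json.loads("""
[
  {"name": "web01-os", "resourceGroup": "rg-prod", "diskState": "Attached",
   "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
  {"name": "db01-data", "resourceGroup": "rg-prod", "diskState": "Attached",
   "encryption": {"type": "EncryptionAtRestWithCustomerKey",
                  "diskEncryptionSetId": "<disk-encryption-set-resource-id>"}},
  {"name": "old-backup", "resourceGroup": "rg-dev", "diskState": "Unattached",
   "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
  {"name": "vault-copy", "resourceGroup": "rg-dev", "diskState": "Unattached",
   "encryption": {"type": "EncryptionAtRestWithPlatformAndCustomerKeys",
                  "diskEncryptionSetId": "<disk-encryption-set-resource-id>"}},
  {"name": "legacy", "resourceGroup": "rg-dev", "diskState": "Unattached"}
]
""")


def audit_disks(disks):
    """Return one finding per disk that is not encrypted with a customer-managed key."""
    findings = []
    for disk in disks:
        # A record without an encryption block is reported, not silently skipped.
        enc_type = (disk.get("encryption") or {}).get("type")
        if enc_type in CMK_TYPES:
            continue
        findings.append({
            "name": disk.get("name"),
            "resourceGroup": disk.get("resourceGroup"),
            "diskState": disk.get("diskState", "Unknown"),  # attached and unattached both count
            "encryptionType": enc_type or "missing",
        })
    return findings


if __name__ == "__main__":
    for f in audit_disks(SAMPLE_DISKS):
        print(f"{f['resourceGroup']}/{f['name']} ({f['diskState']}): {f['encryptionType']}")
```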
More information about the encryption of disks in Azure can be found here:
https://docs.microsoft.com/en-us/azure/virtual-machines/disk-encryption