AZURE BL 1-6 Virtual machines managed disks are encrypted with CMK



Managed disks, both attached and unattached, may contain sensitive information, and companies must use customer-managed keys (CMK) to ensure proper key management, for example key rotation and key vault monitoring.


Remediation Steps

On the Azure Portal

  1. Go to Disks under resources.
  2. Select the disk you want to remediate.
  3. Select Encryption under Settings.
  4. Under Encryption type, select Encryption at-rest with a customer-managed key.
  5. From the Disk encryption set drop-down, select an existing disk encryption set.
  6. Click Save to save the settings before exiting.
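
To find which disks need the steps above, the following added example (not part of the original baseline) audits the JSON produced by `az disk list -o json` and reports every attached or unattached managed disk that is not bound to a disk encryption set with a customer-managed key. The script name, the sample data and the choice to count double encryption as compliant are assumptions.

```python
import json
import sys

# Encryption types that involve a customer-managed key. Counting double
# encryption (platform + customer keys) as compliant is an assumption.
CMK_TYPES = {
    "EncryptionAtRestWithCustomerKey",
    "EncryptionAtRestWithPlatformAndCustomerKeys",
}

def audit_disks(disks):
    """Return one finding per managed disk that is not CMK-encrypted."""
    findings = []
    for disk in disks:
        enc = disk.get("encryption") or {}  # tolerate a missing or null block
        # Compliant only if the type uses a CMK and a disk encryption set is bound.
        if enc.get("type") in CMK_TYPES and enc.get("diskEncryptionSetId"):
            continue
        findings.append({
            "name": disk.get("name"),
            "resourceGroup": disk.get("resourceGroup"),
            "state": disk.get("diskState", "Unknown"),  # Attached / Unattached
            "encryptionType": enc.get("type") or "missing",
        })
    return findings

# Constructed sample shaped like `az disk list -o json` output (not real resources).
DES_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
          "rg-example/providers/Microsoft.Compute/diskEncryptionSets/des-example")
SAMPLE = [
    {"name": "web-os-disk", "resourceGroup": "rg-example", "diskState": "Attached",
     "encryption": {"type": "EncryptionAtRestWithPlatformKey", "diskEncryptionSetId": None}},
    {"name": "db-data-disk", "resourceGroup": "rg-example", "diskState": "Attached",
     "encryption": {"type": "EncryptionAtRestWithCustomerKey", "diskEncryptionSetId": DES_ID}},
    {"name": "old-backup-disk", "resourceGroup": "rg-example", "diskState": "Unattached",
     "encryption": None},
]

if __name__ == "__main__":
    # Real data:  az disk list -o json | python audit_cmk_disks.py
    disks = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for f in audit_disks(disks):
        print(f"NON-COMPLIANT {f['resourceGroup']}/{f['name']} "
              f"state={f['state']} encryption={f['encryptionType']}")
```

Run it per subscription; unattached disks appear in the same listing, so they are covered without a separate query.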

More information about the encryption of disks in Azure can be found here