Description
Virtual Machine OS and data disks are encrypted with platform-managed keys by default. Companies must use customer-managed keys (CMK) to gain more flexibility in choosing when to rotate keys per their policies, to be able to prevent managed disks from accessing the keys (which causes the VM to fail), and to track key usage through Key Vault monitoring.
Remediation Steps
Azure Portal
- Go to Virtual Machines.
- Select the Virtual Machine you want to remediate.
- Select Disks from navigation.
- Detach the disk from the Virtual Machine.
- Go to the disk you detached in the previous step and select Encryption.
- Change the encryption type, select your encryption settings, and click Save.
- Re-attach the disk by going to the virtual machine.
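To find which disks need the steps above, the following added example (not part of the original page) audits the JSON produced by `az disk list -o json` and groups disks without a customer-managed key by the VM they are attached to. The sample records, resource group and subscription ID are constructed placeholders, and the function names are hypothetical.

```python
from collections import defaultdict

# Encryption types reported by Azure that involve a customer-managed key.
CMK_TYPES = {
    "EncryptionAtRestWithCustomerKey",
    "EncryptionAtRestWithPlatformAndCustomerKeys",
}

# Constructed sample in the shape of `az disk list -o json`, trimmed to the
# fields used here. The subscription ID and resource group are placeholders.
BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000"
        "/resourceGroups/rg-demo/providers/Microsoft.Compute")
SAMPLE_DISKS = [
    {"name": "web01-os", "managedBy": BASE + "/virtualMachines/web01",
     "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
    {"name": "web01-data", "managedBy": BASE + "/virtualMachines/web01",
     "encryption": {"type": "EncryptionAtRestWithCustomerKey",
                    "diskEncryptionSetId": BASE + "/diskEncryptionSets/des-demo"}},
    {"name": "db01-data", "managedBy": BASE + "/virtualMachines/db01",
     "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
    {"name": "orphan-data", "managedBy": None,
     "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
]

def vm_name(resource_id):
    """Return the VM name from a managedBy resource ID, or None if unattached."""
    return resource_id.rstrip("/").split("/")[-1] if resource_id else None

def audit_disks(disks):
    """Group disks that are not CMK-encrypted by the VM they are attached to."""
    findings = defaultdict(list)
    for disk in disks:
        enc = disk.get("encryption") or {}
        # Compliant only if a CMK type is set and a disk encryption set is bound.
        if enc.get("type") in CMK_TYPES and enc.get("diskEncryptionSetId"):
            continue
        owner = vm_name(disk.get("managedBy"))
        findings[owner or "(unattached)"].append({
            "disk": disk["name"],
            "encryption": enc.get("type", "unknown"),
            # Attached disks need the detach step before the encryption change.
            "attached": owner is not None,
        })
    return dict(findings)

if __name__ == "__main__":
    for vm, items in sorted(audit_disks(SAMPLE_DISKS).items()):
        for item in items:
            print(vm, item)
```
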
More information about disk encryption can be found here:
https://docs.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices