last sync: 2025-Oct-31 18:22:59 UTC

Azure Edge Hardware Center devices should have double encryption support enabled

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure Edge Hardware Center devices should have double encryption support enabled
Id 08a6b96f-576e-47a2-8511-119a212d344d
Version 2.0.0
Versioning Versions supported for Versioning: 1 (2.0.0)
Category Azure Edge Hardware Center
Description Ensure that devices ordered from Azure Edge Hardware Center have double encryption support enabled, to secure the data at rest on the device. This option adds a second layer of data encryption.
Cloud environments AzureCloud = true; AzureUSGovernment = true; AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '2.0.0'
Repository: Azure-Policy 08a6b96f-576e-47a2-8511-119a212d344d
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default: Audit; Allowed: Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
| Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft.EdgeOrder/orderItems/orderItemDetails.preferences.encryptionPreferences.doubleEncryptionStatus | Microsoft.EdgeOrder | orderItems | properties.orderItemDetails.preferences.encryptionPreferences.doubleEncryptionStatus | True | | False |
| Microsoft.EdgeOrder/orderItems/orderItemDetails.productDetails.productDoubleEncryptionStatus | Microsoft.EdgeOrder | orderItems | properties.orderItemDetails.productDetails.productDoubleEncryptionStatus | True | | False |
Rule resource types IF (1)
Compliance
The following 4 compliance controls are associated with this Policy definition 'Azure Edge Hardware Center devices should have double encryption support enabled' (08a6b96f-576e-47a2-8511-119a212d344d)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Data Protection DP-4 Enable data at rest encryption by default Shared
**Security Principle:** To complement access controls, data at rest should be protected against 'out of band' attacks (such as accessing underlying storage) using encryption. This helps ensure that attackers cannot easily read or modify the data.
**Azure Guidance:** Many Azure services have data at rest encryption enabled by default at the infrastructure layer using a service-managed key. Where technically feasible and not enabled by default, you can enable data at rest encryption in the Azure services, or in your VMs for storage level, file level, or database level encryption.
**Implementation and additional context:**
Understand encryption at rest in Azure: https://docs.microsoft.com/azure/security/fundamentals/encryption-atrest#encryption-at-rest-in-microsoft-cloud-services
Data at rest double encryption in Azure: https://docs.microsoft.com/azure/security/fundamentals/encryption-models
Encryption model and key management table: https://docs.microsoft.com/azure/security/fundamentals/encryption-models
n/a link 25
U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found n/a n/a 18
U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found n/a n/a 53
U.11.3 - Encrypted U.11.3 - Encrypted 404 not found n/a n/a 52
Initiatives usage
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type | polSet in AzUSGov |
| --- | --- | --- | --- | --- | --- |
| [Preview]: Microsoft cloud security benchmark v2 | e3ec7e09-768c-4b64-882c-fcada3772047 | Security Center | Preview | BuiltIn | unknown |
| NL BIO Cloud Theme | 6ce73208-883e-490f-a2ac-44aac3b3687f | Regulatory Compliance | GA | BuiltIn | unknown |
| NL BIO Cloud Theme V2 | d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee | Regulatory Compliance | GA | BuiltIn | unknown |
History
| Date/Time (UTC ymd) | Change type | Change detail |
| --- | --- | --- |
| 2022-01-14 17:44:09 | change | Major (1.0.0 > 2.0.0) |
| 2021-07-30 15:17:20 | add | 08a6b96f-576e-47a2-8511-119a212d344d |
JSON
api-version=2021-06-01