AzPolicyAdvertizer

last sync: 2025-Oct-31 18:22:59 UTC

[Preview]: Azure IoT Hub should use customer-managed key to encrypt data at rest

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

[Preview]: Azure IoT Hub should use customer-managed key to encrypt data at rest

2d7e144b-159c-44fc-95c1-ac3dbf5e6e54

Version

1.0.0-preview
Details on versioning

Versioning

Versions supported for Versioning: 1
1.0.0-preview
Built-in Versioning [Preview]

Category

Internet of Things
Microsoft Learn

Description

Encryption of data at rest in IoT Hub with customer-managed key adds a second layer of encryption on top of the default service-managed keys, enables customer control of keys, custom rotation policies, and ability to manage access to data through key access control. Customer-managed keys must be configured during creation of IoT Hub. For more information on how to configure customer-managed keys, see https://aka.ms/iotcmk.

Cloud environments

AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown

Available in AzUSGov

Unknown, no evidence if Policy definition is/not available in AzureUSGovernment

Mode

Indexed

Type

BuiltIn

Preview

True

Deprecated

False

Effect

Default
Audit
Allowed
Audit, Deny, Disabled

RBAC role(s)

none

Rule aliases

IF (2)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*]	Microsoft.Devices	IotHubs	properties.encryption.keyVaultProperties[*]	True		False
Microsoft.Devices/IotHubs/encryption.keyVaultProperties[*].keyIdentifier	Microsoft.Devices	IotHubs	properties.encryption.keyVaultProperties[*].keyIdentifier	True		False

Rule resource types

IF (1)

Microsoft.Devices/IotHubs

Compliance

Not a Compliance control

Initiatives usage

none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-03-09 14:37:41	add	2d7e144b-159c-44fc-95c1-ac3dbf5e6e54

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC