last sync: 2025-Oct-31 18:22:59 UTC

Service Bus namespaces should have double encryption enabled

Azure BuiltIn Policy definition

Source Azure Portal
Display name Service Bus namespaces should have double encryption enabled
Id ebaf4f25-a4e8-415f-86a8-42d9155bef0b
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1 (1.0.0)
Built-in Versioning [Preview]
Category Service Bus
Description Enabling double encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. When double encryption has been enabled, data in the storage account is encrypted twice, once at the service level and once at the infrastructure level, using two different encryption algorithms and two different keys.
Cloud environments AzureCloud = true; AzureUSGovernment = true; AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default: Audit; Allowed: Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
| Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable |
| --- | --- | --- | --- | --- | --- | --- |
| Microsoft.ServiceBus/namespaces/encryption.requireInfrastructureEncryption | Microsoft.ServiceBus | namespaces | properties.encryption.requireInfrastructureEncryption | True | | False |
| Microsoft.ServiceBus/namespaces/sku.tier | Microsoft.ServiceBus | namespaces | sku.tier | True | | False |
Rule resource types IF (1)
Compliance
The following 1 compliance controls are associated with this Policy definition 'Service Bus namespaces should have double encryption enabled' (ebaf4f25-a4e8-415f-86a8-42d9155bef0b)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Data Protection DP-4 Enable data at rest encryption by default Shared
**Security Principle:** To complement access controls, data at rest should be protected against 'out of band' attacks (such as accessing underlying storage) using encryption. This helps ensure that attackers cannot easily read or modify the data.
**Azure Guidance:** Many Azure services have data at rest encryption enabled by default at the infrastructure layer using a service-managed key. Where technically feasible and not enabled by default, you can enable data at rest encryption in the Azure services, or in your VMs for storage level, file level, or database level encryption.
**Implementation and additional context:**
Understand encryption at rest in Azure: https://docs.microsoft.com/azure/security/fundamentals/encryption-atrest#encryption-at-rest-in-microsoft-cloud-services
Data at rest double encryption in Azure: https://docs.microsoft.com/azure/security/fundamentals/encryption-models
Encryption model and key management table: https://docs.microsoft.com/azure/security/fundamentals/encryption-models
n/a link 25
Initiatives usage
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type | polSet in AzUSGov |
| --- | --- | --- | --- | --- | --- |
| [Preview]: Control the use of Service Bus in a Virtual Enclave | 8fcdb3f1-1369-426d-9917-81edfee903ab | VirtualEnclaves | Preview | BuiltIn | true |
| [Preview]: Microsoft cloud security benchmark v2 | e3ec7e09-768c-4b64-882c-fcada3772047 | Security Center | Preview | BuiltIn | unknown |
| Enforce recommended guardrails for Service Bus | Enforce-Guardrails-ServiceBus | Service Bus | GA | ALZ | |
History
| Date/Time (UTC ymd) | Change type | Change detail |
| --- | --- | --- |
| 2021-07-07 15:26:31 | add | ebaf4f25-a4e8-415f-86a8-42d9155bef0b |
JSON compare n/a
JSON
api-version=2021-06-01