This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 27%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Hello Community,
I observe the in built Azure Policy here to audit VMs for "encryption at host" setting(end to end encryption using PMK or CMK).
"Virtual machines and virtual machine scale sets should have encryption at host enabled"
Is there a built in/custom policy to remediate/enforce above on existing resources?(deployifnotexists/modify effect)
Kind regards,
Kind regards,
Aditya Garg
There's nothing built-in or part of the community policies - for remediating and enforcing, other than Deny. A policy will need to be built - will come back to you.
Theres a bit happening in the background with the encryption, Azure Policy doesn't seem to be able to set it - you could have a script running from an Azure Automation account: https://www.jorgebernhardt.com/azure-disk-encryption-powershell/
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more