Azure Policy built-in definitions for Azure Data Box
The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.
Azure Data Box
|Azure Data Box jobs should enable double encryption for data at rest on the device||Enable a second layer of software-based encryption for data at rest on the device. The device is already protected via Advanced Encryption Standard 256-bit encryption for data at rest. This option adds a second layer of data encryption.||Audit, Deny, Disabled||1.0.0|
|Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password||Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.||Audit, Deny, Disabled||1.0.0|