DeploymentSecuritySettings interface
The SecuritySettings of AzureStackHCI Cluster.
Properties
| Property | Description |
| --- | --- |
| bitlockerBootVolume | When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent. |
| bitlockerDataVolumes | When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes. |
| credentialGuardEnforced | When set to true, Credential Guard is enabled. |
| driftControlEnforced | When set to true, the security baseline is re-applied regularly. |
| drtmProtection | By default, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent. |
| hvciProtection | By default, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster. |
| sideChannelMitigationEnforced | When set to true, all the side channel mitigations are enabled. |
| smbClusterEncryption | When set to true, cluster east-west traffic is encrypted. |
| smbSigningEnforced | When set to true, the SMB default instance requires signing for the client and server services. |
| wdacEnforced | WDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster. |
Property Details
bitlockerBootVolume
When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent.
bitlockerBootVolume?: boolean
Property Value
boolean
bitlockerDataVolumes
When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes.
bitlockerDataVolumes?: boolean
Property Value
boolean
credentialGuardEnforced
When set to true, Credential Guard is enabled.
credentialGuardEnforced?: boolean
Property Value
boolean
driftControlEnforced
When set to true, the security baseline is re-applied regularly.
driftControlEnforced?: boolean
Property Value
boolean
drtmProtection
By default, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent.
drtmProtection?: boolean
Property Value
boolean
hvciProtection
By default, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster.
hvciProtection?: boolean
Property Value
boolean
sideChannelMitigationEnforced
When set to true, all the side channel mitigations are enabled.
sideChannelMitigationEnforced?: boolean
Property Value
boolean
smbClusterEncryption
When set to true, cluster east-west traffic is encrypted.
smbClusterEncryption?: boolean
Property Value
boolean
smbSigningEnforced
When set to true, the SMB default instance requires signing for the client and server services.
smbSigningEnforced?: boolean
Property Value
boolean
wdacEnforced
WDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster.
wdacEnforced?: boolean
Property Value
boolean
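An audit helper for these settings, added here as an example (it is not part of the SDK or of the original reference). `IMPACT`, `auditSecuritySettings` and the sample objects are hypothetical names; the settings type is declared locally to mirror the optional boolean properties documented above, and the check assumes the hardened target is every property explicitly set to true.

```typescript
// What is lost when each setting is off, paraphrased from the descriptions above.
const IMPACT = {
  bitlockerBootVolume: "OS volume data at rest is not BitLocker-encrypted (TPM dependent)",
  bitlockerDataVolumes: "cluster shared volumes are not BitLocker-encrypted",
  credentialGuardEnforced: "Credential Guard is not enabled",
  driftControlEnforced: "security baseline is not re-applied regularly",
  drtmProtection: "hardware-dependent boot protection is off",
  hvciProtection: "Hypervisor-protected Code Integrity is off",
  sideChannelMitigationEnforced: "side channel mitigations are not all enabled",
  smbClusterEncryption: "cluster east-west traffic is not encrypted",
  smbSigningEnforced: "SMB signing is not required for client and server services",
  wdacEnforced: "WDAC does not limit which applications and code can run",
} as const;

type SettingName = keyof typeof IMPACT;
// Local stand-in for DeploymentSecuritySettings: ten optional booleans.
type SecuritySettings = Partial<Record<SettingName, boolean>>;
type Finding = { setting: SettingName; state: "disabled" | "unset"; note: string };

// Report every setting that is not explicitly true. An omitted property is
// reported as "unset" rather than "disabled", because the value that then
// applies is decided by the service, not by this object.
function auditSecuritySettings(settings: SecuritySettings): Finding[] {
  return (Object.keys(IMPACT) as SettingName[])
    .filter((name) => settings[name] !== true)
    .map((name): Finding => ({
      setting: name,
      state: settings[name] === false ? "disabled" : "unset",
      note: IMPACT[name],
    }));
}

// Constructed sample: drift control and SMB encryption turned off,
// smbSigningEnforced left out entirely.
const weakened: SecuritySettings = {
  bitlockerBootVolume: true, bitlockerDataVolumes: true,
  credentialGuardEnforced: true, driftControlEnforced: false,
  drtmProtection: true, hvciProtection: true,
  sideChannelMitigationEnforced: true, smbClusterEncryption: false,
  wdacEnforced: true,
};

// The same deployment with the three gaps closed.
const hardened: SecuritySettings = {
  ...weakened, driftControlEnforced: true,
  smbClusterEncryption: true, smbSigningEnforced: true,
};

console.log(auditSecuritySettings(weakened));
```

Running the audit before a deployment request is submitted makes an omitted property visible as its own finding instead of letting it pass as an implicit default.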