Data protection

Azure Storage Account infrastructure encryption is disabled

Description

Azure Storage automatically encrypts all data in a storage account at the service level using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant. Infrastructure encryption is recommended for scenarios where doubly encrypting data is necessary for compliance requirements. For more info, see https://learn.microsoft.com/en-us/azure/storage/common/infrastructure-encryption-enable?tabs=portal.
Recommended Mitigation

Enable infrastructure encryption so that your data is doubly encrypted. Infrastructure encryption must be configured at the time you create the storage account; it cannot be enabled or disabled after the account has been created. The storage account must be of type general-purpose v2 or premium block blob.
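A check for this finding over exported account metadata, as an added example that is not part of the original rule: it reads JSON shaped like `az storage account list -o json` output and reports every account whose `encryption.requireInfrastructureEncryption` flag is not true. The sample accounts are constructed, and the `audit` helper name is hypothetical.

```python
import json

# Account kinds the rule lists as supporting infrastructure encryption:
# general-purpose v2 ("StorageV2") and premium block blob ("BlockBlobStorage").
SUPPORTED_KINDS = {"StorageV2", "BlockBlobStorage"}

# Constructed sample shaped like `az storage account list -o json` output
# (account names and resource groups are made up).
SAMPLE = json.dumps([
    {"name": "stlogsprod", "resourceGroup": "rg-logs", "kind": "StorageV2",
     "encryption": {"requireInfrastructureEncryption": True}},
    {"name": "stappdata", "resourceGroup": "rg-app", "kind": "StorageV2",
     "encryption": {"requireInfrastructureEncryption": None}},
    {"name": "stlegacy", "resourceGroup": "rg-old", "kind": "Storage",
     "encryption": {}},
    {"name": "stpremblob", "resourceGroup": "rg-app", "kind": "BlockBlobStorage",
     "encryption": {"requireInfrastructureEncryption": False}},
])


def audit(accounts_json):
    """Return one finding per account that lacks infrastructure encryption."""
    findings = []
    for acct in json.loads(accounts_json):
        enc = acct.get("encryption") or {}
        # A missing or null flag means the setting was not chosen at creation.
        if enc.get("requireInfrastructureEncryption") is True:
            continue
        kind = acct.get("kind")
        # The setting is fixed at creation, so every fix is a new account.
        if kind in SUPPORTED_KINDS:
            fix = "create a replacement account with the setting enabled, then migrate data"
        else:
            fix = "create the replacement as general-purpose v2 or premium block blob, then migrate data"
        findings.append({
            "name": acct.get("name"),
            "resourceGroup": acct.get("resourceGroup"),
            "kind": kind,
            "remediation": fix,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['resourceGroup']}/{f['name']} ({f['kind']}): {f['remediation']}")
```

Because the setting is fixed at creation, the same check is most useful as a gate on new account definitions, before any data lands in the account.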