Data protection

Azure Storage account’s Customer-Managed Keys encryption is disabled


Configuring the storage account to use BYOK (Use Your Own Key) provides additional confidentiality controls on data as a given user must have read permission on the corresponding storage account and must be granted decrypt permission by the CMK.
  • Recommended Mitigation

    Configure Customer-Managed Keys encryption for your storage account - {AzureStorageAccount}.