Data protection

Logs Container Not Encrypted with your own Key

Description

Configuring the storage account with the activity log export container to use BYOK (Use Your Own Key) provides additional confidentiality controls on log data as a given user must have read permission on the corresponding storage account and must be granted decrypt permission by the CMK.
  • Recommended Mitigation

    For the Storage account used by Activity Log, configure 'Use your own key'.