Storage account encryption scopes should use customer-managed keys to encrypt data at rest

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

This rule checks whether storage account encryption scopes are using customer-managed keys to encrypt data at rest. It is important to use customer-managed keys for encryption to ensure better control and security of data at rest.

Remediation

To ensure storage account encryption scopes use customer-managed keys, update the encryption settings to use customer-managed keys. For instructions on how to do this, see: Azure Documentation