To enhance security and meet regulatory requirements, it is essential to ensure that unattached disks in a subscription are encrypted using a Customer Managed Key (CMK). By default, managed disks are encrypted with a Platform Managed Key (PMK), but utilizing CMK can provide an additional level of security.
Encrypting unattached managed disks ensures that the entire content can only be accessed with the corresponding key, safeguarding the volume from unauthorized reads. It is crucial to consider the risk of compromised user accounts with administrative access to the VM service, as they can potentially mount or attach these data disks. By encrypting the disks with CMK, the risk of sensitive information disclosure and tampering is mitigated, providing a higher level of security.
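The check described above can be run against the JSON that `az disk list --output json` returns. The following is an added example, not the rule's own implementation: it assumes a disk with an empty `managedBy` is unattached, the sample disks are constructed, and `<sub-id>` is a placeholder.

```python
import json

# Server-side encryption types in which a customer-managed key protects the disk.
CMK_TYPES = {
    "EncryptionAtRestWithCustomerKey",
    "EncryptionAtRestWithPlatformAndCustomerKeys",
}

# Constructed sample in the shape of `az disk list --output json`; not real resources.
SAMPLE = json.loads("""
[
  {"name": "data-old-01", "resourceGroup": "rg-example", "managedBy": null,
   "diskState": "Unattached",
   "encryption": {"type": "EncryptionAtRestWithPlatformKey", "diskEncryptionSetId": null}},
  {"name": "data-archive", "resourceGroup": "rg-example", "managedBy": null,
   "diskState": "Unattached",
   "encryption": {"type": "EncryptionAtRestWithCustomerKey",
                  "diskEncryptionSetId": "/subscriptions/<sub-id>/resourceGroups/rg-example/providers/Microsoft.Compute/diskEncryptionSets/des-example"}},
  {"name": "vm1-os", "resourceGroup": "rg-example",
   "managedBy": "/subscriptions/<sub-id>/resourceGroups/rg-example/providers/Microsoft.Compute/virtualMachines/vm1",
   "diskState": "Attached",
   "encryption": {"type": "EncryptionAtRestWithPlatformKey", "diskEncryptionSetId": null}},
  {"name": "data-legacy", "resourceGroup": "rg-example", "managedBy": null,
   "diskState": "Unattached"}
]
""")


def unattached_without_cmk(disks):
    """Return (resourceGroup, name, reason) for each unattached disk not protected by a CMK."""
    findings = []
    for disk in disks:
        if disk.get("managedBy"):  # attached to a VM: outside this rule's scope
            continue
        enc = disk.get("encryption") or {}
        enc_type = enc.get("type")
        if enc_type not in CMK_TYPES:
            reason = f"encryption type is {enc_type or 'missing'}"
        elif not enc.get("diskEncryptionSetId"):
            reason = "CMK type set but no disk encryption set referenced"
        else:
            continue
        findings.append((disk.get("resourceGroup"), disk.get("name"), reason))
    return findings


if __name__ == "__main__":
    for rg, name, reason in unattached_without_cmk(SAMPLE):
        print(f"FAIL {rg}/{name}: {reason}")
```
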
If data stored in the disk is no longer useful, refer to Azure documentation to delete unattached data disks at:
https://docs.microsoft.com/en-us/rest/api/compute/disks/delete
https://docs.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest#az-disk-delete
If data stored in the disk is important, refer to the Azure documentation to encrypt the disk at:
https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-customer-managed-keys-portal
https://docs.microsoft.com/en-us/rest/api/compute/disks/update#encryptionsettings