Storage account encryption scopes should use customer-managed keys to encrypt data at rest

Description

This rule checks whether storage account encryption scopes use customer-managed keys to encrypt data at rest. Using customer-managed keys gives you better control over, and security of, data at rest.

Remediation

Update the encryption settings of each storage account encryption scope so that it uses a customer-managed key. For instructions on how to do this, see the Azure documentation.
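To confirm the state before and after remediation, the following added example (not Datadog's rule logic or code from this page) audits encryption scope records for the key source. It assumes the JSON shape returned by `az storage account encryption-scope list`, also accepts the ARM shape with a nested `properties` object, and skips disabled scopes by default; the scope names and key URI are constructed.

```python
import json

# Constructed sample, shaped like `az storage account encryption-scope list` output.
SAMPLE = json.loads("""
[
  {"name": "scope-mmk", "source": "Microsoft.Storage", "state": "Enabled",
   "keyVaultProperties": null},
  {"name": "scope-cmk", "source": "Microsoft.KeyVault", "state": "Enabled",
   "keyVaultProperties": {"keyUri": "https://example-vault.vault.azure.net/keys/example-key"}},
  {"name": "scope-nokey", "source": "Microsoft.KeyVault", "state": "Enabled",
   "keyVaultProperties": {"keyUri": null}},
  {"name": "scope-old", "source": "Microsoft.Storage", "state": "Disabled",
   "keyVaultProperties": null},
  {"name": "scope-arm", "properties": {"source": "Microsoft.Storage", "state": "Enabled"}}
]
""")

def _props(scope):
    """Accept both the flattened CLI shape and the ARM shape with nested 'properties'."""
    return scope.get("properties") or scope

def audit_scopes(scopes, include_disabled=False):
    """Return [(scope_name, reason)] for scopes not encrypted with a customer-managed key."""
    findings = []
    for scope in scopes:
        p = _props(scope)
        name = scope.get("name", "<unnamed>")
        # Assumption: a disabled scope cannot be used for new writes, so skip it by default.
        if not include_disabled and str(p.get("state", "")).lower() == "disabled":
            continue
        source = p.get("source")
        key_uri = (p.get("keyVaultProperties") or {}).get("keyUri")
        if source != "Microsoft.KeyVault":
            findings.append((name, f"key source is {source!r}, not Microsoft.KeyVault"))
        elif not key_uri:
            # Key Vault selected as the source, but no key is actually referenced.
            findings.append((name, "source is Microsoft.KeyVault but no keyUri is set"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_scopes(SAMPLE):
        print(f"FAIL {name}: {reason}")
```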