Azure Encryption At Host Disabled
Description
Detects Azure Virtual Machines that do not have encryption at host enabled. Server-side encryption of managed disks only covers the disks themselves; the data a VM keeps on the physical host (its temporary disk, an ephemeral OS disk, and the host-side cache of OS and data disks) is encrypted at rest only when encryption at host is on. With the setting enabled, that host-resident data is encrypted with platform-managed keys (or the customer-managed key of the corresponding disk, for the cache) and flows encrypted to the Storage service. With it disabled, the temporary disk and disk caches are the one part of the VM's storage that sits in cleartext on shared host hardware, so a compromise of the host storage layer could expose them.
Detection Strategy
• Scans all Virtual Machines in the Azure subscription
• Reports a vulnerability if encryption_at_host is explicitly set to false or is absent from the VM's security profile; Azure treats a missing value as disabled, so an unset flag is as weak as an explicit false
• Excludes Virtual Machine Scale Sets from this check; their setting lives on the scale set's VM profile rather than on individual VM resources, so they are out of scope here
• Examines the security_profile/encryption_at_host configuration path in the VM settings, which corresponds to properties.securityProfile.encryptionAtHost in the VM's Azure Resource Manager representation
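The detection strategy above, carried through as runnable code. This is an added example written for this page, not Fluid Attacks' scanner code. It walks VM resources in Azure Resource Manager JSON shape, skips scale sets by resource type, and reports VMs whose properties.securityProfile.encryptionAtHost is false or absent. The resource records are constructed inline (hypothetical subscription, resource group and VM names) so the script runs offline; in a real scan they would come from the Compute API, for instance ComputeManagementClient.virtual_machines.list_all() in the Azure Python SDK, whose objects expose the same value as vm.security_profile.encryption_at_host.

```python
"""Flag Azure VMs that lack encryption at host (added example, not page code)."""
from dataclasses import dataclass
from typing import Any, Dict, Iterable, List, Optional

VM_TYPE = "microsoft.compute/virtualmachines"
VMSS_TYPE = "microsoft.compute/virtualmachinescalesets"


@dataclass(frozen=True)
class Finding:
    resource_id: str
    reason: str


def encryption_at_host(resource: Dict[str, Any]) -> Optional[bool]:
    """Read properties.securityProfile.encryptionAtHost from an ARM VM record.

    Returns True/False when the flag is present and None when any part of the
    path is missing; Azure treats a missing value as disabled.
    """
    props = resource.get("properties") or {}
    profile = props.get("securityProfile") or {}
    value = profile.get("encryptionAtHost")
    return value if isinstance(value, bool) else None


def check_resources(resources: Iterable[Dict[str, Any]]) -> List[Finding]:
    """Return one Finding per VM whose encryption at host is off or unset.

    Scale sets are skipped by resource type, matching the scope of the check;
    anything that is not a VM resource is ignored as well.
    """
    findings: List[Finding] = []
    for res in resources:
        rtype = str(res.get("type", "")).lower()
        if rtype == VMSS_TYPE:
            continue  # out of scope for this check
        if rtype != VM_TYPE:
            continue  # not a VM resource at all
        flag = encryption_at_host(res)
        if flag is True:
            continue
        reason = (
            "securityProfile.encryptionAtHost is explicitly false"
            if flag is False
            else "securityProfile.encryptionAtHost is not configured"
        )
        findings.append(Finding(res["id"], reason))
    return findings


# Constructed sample data: hypothetical subscription, resource group and VM names.
_RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"
SAMPLE_RESOURCES: List[Dict[str, Any]] = [
    {   # compliant: flag present and true
        "id": f"{_RG}/providers/Microsoft.Compute/virtualMachines/vm-web-01",
        "type": "Microsoft.Compute/virtualMachines",
        "properties": {"securityProfile": {"encryptionAtHost": True}},
    },
    {   # vulnerable: flag explicitly false
        "id": f"{_RG}/providers/Microsoft.Compute/virtualMachines/vm-web-02",
        "type": "Microsoft.Compute/virtualMachines",
        "properties": {"securityProfile": {"encryptionAtHost": False}},
    },
    {   # vulnerable: securityProfile exists but has no encryptionAtHost key
        "id": f"{_RG}/providers/Microsoft.Compute/virtualMachines/vm-db-01",
        "type": "Microsoft.Compute/virtualMachines",
        "properties": {"securityProfile": {"securityType": "TrustedLaunch"}},
    },
    {   # vulnerable: no securityProfile at all, typical of older VMs
        "id": f"{_RG}/providers/Microsoft.Compute/virtualMachines/vm-legacy",
        "type": "Microsoft.Compute/virtualMachines",
        "properties": {},
    },
    {   # scale set: excluded even though its profile also lacks the flag
        "id": f"{_RG}/providers/Microsoft.Compute/virtualMachineScaleSets/vmss-api",
        "type": "Microsoft.Compute/virtualMachineScaleSets",
        "properties": {"virtualMachineProfile": {"securityProfile": {}}},
    },
]


if __name__ == "__main__":
    for finding in check_resources(SAMPLE_RESOURCES):
        print(f"{finding.resource_id}: {finding.reason}")
```

Running the script reports vm-web-02, vm-db-01 and vm-legacy and stays silent about vm-web-01 and the scale set. When remediating a finding, keep the platform constraints in mind: the VM must be deallocated before the flag can be changed, the EncryptionAtHost feature must be registered for the subscription's Microsoft.Compute provider, and Azure's documentation enables the setting on an existing VM with `az vm update -n <vm> -g <rg> --set securityProfile.encryptionAtHost=true`. Encryption at host cannot be combined with Azure Disk Encryption (in-guest BitLocker or dm-crypt) on the same VM, so VMs that rely on ADE need a migration plan rather than a one-line toggle.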