Ensure that VHDs are Encrypted
Why This Matters
Unencrypted VHDs stored in Azure blob storage expose sensitive OS and data disk contents to potential unauthorized access if the storage account is compromised. While Microsoft recommends managed disks for new deployments, legacy VHDs remain in use for many critical workloads and require explicit encryption to meet compliance and security requirements. Failing to encrypt these disks can lead to data breaches and noncompliance with standards like CIS and EIDSCA.
What Aether365 Checks
Aether365 verifies that your storage accounts containing VHDs have encryption enabled, either with platform-managed keys (PMK) or customer-managed keys (CMK). This check appears in your Aether365 dashboard under the azure-azure-disks checks group.
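
The following is an added example, not Aether365's own check logic: a minimal audit that applies the same pass criteria (PMK or CMK on accounts that hold VHDs) to storage account resources in the shape returned by `az storage account list`. The account names, Key Vault URI, key name and blob listings are constructed sample data, and collecting blob names per account is assumed to happen separately.

```python
# Constructed sample data: trimmed storage account resources plus blob names
# per account (the blob listing is assumed to be collected separately).
ACCOUNTS = [
    {"name": "legacyvmstore", "encryption": {"keySource": "Microsoft.Storage",
        "services": {"blob": {"enabled": True}}}},
    {"name": "financevhds", "encryption": {"keySource": "Microsoft.Keyvault",
        "keyVaultProperties": {"keyVaultUri": "https://example-kv.vault.azure.net",
                               "keyName": "vhd-key"},
        "services": {"blob": {"enabled": True}}}},
    {"name": "oldlabstore", "encryption": {"keySource": "Microsoft.Storage",
        "services": {"blob": {"enabled": False}}}},
    {"name": "webassets", "encryption": {"keySource": "Microsoft.Storage",
        "services": {"blob": {"enabled": True}}}},
]
BLOBS = {
    "legacyvmstore": ["vhds/web01-os.vhd", "bootdiag/web01.log"],
    "financevhds": ["vhds/sql01-data.VHD"],
    "oldlabstore": ["vhds/lab-os.vhd"],
    "webassets": ["img/logo.png"],
}

def holds_vhds(blob_names):
    """True if any blob name looks like a legacy (unmanaged) VHD."""
    return any(n.lower().endswith(".vhd") for n in blob_names)

def encryption_state(account):
    """Classify blob encryption as PMK, CMK, NOT_ENCRYPTED or UNKNOWN."""
    enc = account.get("encryption") or {}
    blob = (enc.get("services") or {}).get("blob") or {}
    if not blob.get("enabled"):
        return "NOT_ENCRYPTED"
    source = (enc.get("keySource") or "").lower()
    if source == "microsoft.storage":
        return "PMK"
    # Treat CMK as valid only when a Key Vault key is actually referenced.
    kv = enc.get("keyVaultProperties") or {}
    if source == "microsoft.keyvault" and kv.get("keyVaultUri") and kv.get("keyName"):
        return "CMK"
    return "UNKNOWN"

def audit(accounts, blobs_by_account):
    """Return one finding per storage account that holds VHD blobs."""
    findings = []
    for acct in accounts:
        if not holds_vhds(blobs_by_account.get(acct["name"], [])):
            continue  # out of scope: no VHDs stored here
        state = encryption_state(acct)
        findings.append({"account": acct["name"], "state": state,
                         "passed": state in ("PMK", "CMK")})
    return findings
```

Accounts without VHD blobs are skipped rather than reported, so the findings list covers only the storage accounts this check is concerned with.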