Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)

Why This Matters

Unattached disks encrypted only with platform-managed keys remain vulnerable to unauthorized access if a compromised administrative account mounts the disk. Without a customer-managed key, the full disk contents could be recovered, potentially exposing sensitive data. Using CMK provides an additional layer of access control and helps meet regulatory requirements for key ownership and management.

What Aether365 Checks

Aether365 verifies that every unattached managed disk in your Azure subscription is encrypted with a customer-managed key (CMK). This check appears in the Aether365 dashboard under the azure-azure-disks compliance checks.
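The same test, written here as an added illustration rather than Aether365's own implementation, can be applied to the JSON that `az disk list -o json` returns: a disk is out of compliance when its `diskState` is `Unattached` and its `encryption.type` is not one of the two customer-managed-key variants. The disk records below are constructed sample data, not output from a real subscription.

```python
"""Flag unattached Azure managed disks that are not encrypted with a
customer-managed key (CMK). Works on records in the shape returned by
`az disk list -o json`; the sample below is constructed, not real data."""
import json

# Encryption types Azure reports for managed disks. Both CMK variants
# (CMK only, and platform key + CMK double encryption) satisfy the check.
CMK_TYPES = {
    "EncryptionAtRestWithCustomerKey",
    "EncryptionAtRestWithPlatformAndCustomerKeys",
}


def is_unattached(disk):
    # diskState is authoritative; managedBy is also null for unattached disks.
    return disk.get("diskState") == "Unattached" and not disk.get("managedBy")


def is_cmk_encrypted(disk):
    # A missing encryption block or an unrecognised type counts as non-CMK,
    # so a malformed record is reported rather than silently passed.
    encryption = disk.get("encryption") or {}
    return encryption.get("type") in CMK_TYPES


def find_unattached_without_cmk(disks):
    """Return the resource ids of unattached disks lacking CMK encryption."""
    return [d["id"] for d in disks if is_unattached(d) and not is_cmk_encrypted(d)]


# Constructed sample mimicking `az disk list -o json` (ids are placeholders).
SAMPLE_DISKS = json.loads("""[
 {"id": "/subscriptions/0000/resourceGroups/rg1/providers/Microsoft.Compute/disks/orphan-pmk",
  "diskState": "Unattached", "managedBy": null,
  "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
 {"id": "/subscriptions/0000/resourceGroups/rg1/providers/Microsoft.Compute/disks/orphan-cmk",
  "diskState": "Unattached", "managedBy": null,
  "encryption": {"type": "EncryptionAtRestWithCustomerKey",
                 "diskEncryptionSetId": "/subscriptions/0000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des1"}},
 {"id": "/subscriptions/0000/resourceGroups/rg1/providers/Microsoft.Compute/disks/vm-os-pmk",
  "diskState": "Attached",
  "managedBy": "/subscriptions/0000/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm1",
  "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
 {"id": "/subscriptions/0000/resourceGroups/rg1/providers/Microsoft.Compute/disks/orphan-noenc",
  "diskState": "Unattached", "managedBy": null}
]""")

if __name__ == "__main__":
    for disk_id in find_unattached_without_cmk(SAMPLE_DISKS):
        print("NON-COMPLIANT:", disk_id)
```

Attached disks are deliberately skipped even when they use only a platform key, because this check covers unattached disks only; a record with no encryption block at all is reported as non-compliant.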

Microsoft references
