Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key (CMK)
Why This Matters
Encrypting activity logs with Customer Managed Keys (CMK) gives you direct control over encryption keys for compliance and security. Without CMK, Microsoft manages the keys by default, which limits your ability to enforce custom data protection policies or revoke access if a breach occurs. This check ensures that you have exclusive authority over your audit log encryption, reducing risk from third-party key exposure.
What Aether365 Checks
Aether365 verifies that the storage account used for activity log export is encrypted with a Customer Managed Key instead of the default Microsoft-managed key. This check appears in your dashboard under azure-diagnostic-settings checks, identifying misconfigurations that leave critical log data less protected.
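The sketch below shows one way to reproduce this kind of check against exported configuration. It is an added example, not Aether365's own code. The flat record layout and the sample resources are constructed assumptions, modelled on the `storageAccountId` field of an Azure diagnostic setting and the `encryption.keySource` property of a storage account.

```python
# Constructed sample data; the subscription ID and account names are placeholders.
SUB = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
       "rg-logs/providers/Microsoft.Storage/storageAccounts/")

DIAGNOSTIC_SETTINGS = [
    # Resource IDs are case-insensitive, so the casing here differs on purpose.
    {"name": "export-to-cmk", "storageAccountId": SUB + "ACTLOGSCMK"},
    {"name": "export-to-default", "storageAccountId": SUB + "actlogsdefault"},
    {"name": "export-to-missing", "storageAccountId": SUB + "actlogsgone"},
    # No storage destination (for example a workspace-only export): out of scope.
    {"name": "export-to-workspace", "storageAccountId": None},
]

STORAGE_ACCOUNTS = [
    {"id": SUB + "actlogscmk", "encryption": {"keySource": "Microsoft.Keyvault"}},
    {"id": SUB + "actlogsdefault", "encryption": {"keySource": "Microsoft.Storage"}},
]


def evaluate(settings, accounts):
    """Return (setting name, account name, status) for each storage export.

    PASS    = account encryption uses a customer-managed key (Key Vault)
    FAIL    = account uses the default Microsoft-managed key
    UNKNOWN = the target account is not in the inventory (deleted, or in a
              subscription that was not collected), so it needs manual review
    """
    by_id = {a["id"].lower(): a for a in accounts}
    results = []
    for setting in settings:
        account_id = setting.get("storageAccountId")
        if not account_id:
            continue
        account = by_id.get(account_id.lower())
        if account is None:
            status = "UNKNOWN"
        else:
            key_source = (account.get("encryption") or {}).get("keySource", "")
            status = "PASS" if key_source.lower() == "microsoft.keyvault" else "FAIL"
        account_name = account_id.rsplit("/", 1)[-1].lower()
        results.append((setting["name"], account_name, status))
    return results


if __name__ == "__main__":
    for row in evaluate(DIAGNOSTIC_SETTINGS, STORAGE_ACCOUNTS):
        print(*row, sep="\t")
```

Treating an unresolved storage account as UNKNOWN rather than PASS keeps a deleted or out-of-scope export target from silently satisfying the check.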