Ensure storage for critical data are encrypted with Customer Managed Key

Why This Matters

Azure Storage automatically encrypts all data at rest using Microsoft-managed keys by default. However, organizations handling sensitive or regulated data often require granular control over encryption keys to meet compliance mandates or internal security policies. Using customer-managed keys (CMK) gives you full authority over key lifecycle, access, and rotation, reducing the risk of unauthorized data access if Microsoft’s key management is compromised.

What Aether365 Checks

Aether365 verifies whether each Azure Storage account used for critical data has encryption configured with a customer-managed key instead of the default Microsoft-managed key. This check appears in your Aether365 dashboard under the azure-storage-accounts category.
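To reproduce this kind of check on your own inventory, the added example below (not Aether365's code) evaluates storage account records in the shape returned by `az storage account list -o json`. The sample records and the `data-classification` tag used to mark critical accounts are constructed assumptions; substitute your own tagging convention.

```python
# Constructed sample, trimmed to the fields the check reads.
SAMPLE = [
    {"name": "stcritlogs", "tags": {"data-classification": "critical"},
     "encryption": {"keySource": "Microsoft.Storage", "keyVaultProperties": None}},
    {"name": "stcritpii", "tags": {"data-classification": "Critical"},
     "encryption": {"keySource": "Microsoft.Keyvault", "keyVaultProperties": {
         "keyVaultUri": "https://kv-example.vault.azure.net",
         "keyName": "storage-cmk", "keyVersion": None}}},
    {"name": "stcritfin", "tags": {"data-classification": "critical"},
     "encryption": {"keySource": "Microsoft.Keyvault", "keyVaultProperties": {
         "keyVaultUri": "https://kv-example.vault.azure.net",
         "keyName": "storage-cmk", "keyVersion": "0123456789abcdef"}}},
    {"name": "stcrithalf", "tags": {"data-classification": "critical"},
     "encryption": {"keySource": "Microsoft.Keyvault", "keyVaultProperties": {}}},
    {"name": "stpublicweb", "tags": None,
     "encryption": {"keySource": "Microsoft.Storage"}},
]

# Hypothetical convention for marking accounts that hold critical data.
CRITICAL_TAG, CRITICAL_VALUE = "data-classification", "critical"


def is_critical(account):
    tags = account.get("tags") or {}
    return str(tags.get(CRITICAL_TAG, "")).lower() == CRITICAL_VALUE


def evaluate(account):
    """Return (status, reason) for one storage account record."""
    enc = account.get("encryption") or {}
    source = enc.get("keySource") or "not set"
    kv = enc.get("keyVaultProperties") or {}
    if source.lower() != "microsoft.keyvault":
        return "FAIL", f"keySource is {source}: Microsoft-managed key in use"
    if not kv.get("keyVaultUri") or not kv.get("keyName"):
        return "FAIL", "keySource is Microsoft.Keyvault but no key is referenced"
    if kv.get("keyVersion"):
        return "PASS", "CMK pinned to one key version: rotation needs a manual update"
    return "PASS", "CMK with no pinned key version"


def audit(accounts):
    """Evaluate only the accounts tagged as holding critical data."""
    return {a["name"]: evaluate(a) for a in accounts if is_critical(a)}


if __name__ == "__main__":
    for name, (status, reason) in audit(SAMPLE).items():
        print(f"{status}  {name}: {reason}")
```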
