Ensure Azure Windows VM enables encryption

Error: Azure Windows VM does not enable encryption

Bridgecrew Policy ID: BC_AZR_GENERAL_89
Checkov Check ID: CKV_AZURE_151
Severity: LOW

Description

Enabling encryption for your Azure Windows virtual machine (VM) can help improve the security of your VM and its data. Encryption helps protect data by encoding it in such a way that it can only be accessed by authorized users.

Fix - Runtime

Fix - Buildtime

Terraform

  • Resource: azurerm_windows_virtual_machine
  • Argument: encryption_at_host_enabled
resource "azurerm_windows_virtual_machine" "pass" {
  name                = "example-machine"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  size                = "Standard_F2"
  admin_username      = "adminuser"
  # Placeholder credential for the example; do not hardcode real passwords in Terraform.
  admin_password      = "P@$$w0rd1234!"

  network_interface_ids = [
    azurerm_network_interface.example.id,
  ]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2016-Datacenter"
    version   = "latest"
  }

  # The argument this check inspects; it must be set to true.
  encryption_at_host_enabled = true
}