Ensure Virtual Machines are utilizing managed disks

Error: Azure Virtual Machines are not utilizing managed disks

Bridgecrew Policy ID: BC_AZR_GENERAL_66
Checkov Check ID: CKV_AZURE_92
Severity: LOW

Description

Azure managed disks have several advantages over traditional blob-based VHDs: managed disks are encrypted by default, reduce cost compared with storage accounts, and are more resilient, because Microsoft manages the disk storage and moves it if the underlying hardware becomes faulty. It is recommended to migrate blob-based VHDs to managed disks.

Fix - Runtime

In Azure Portal

  1. Log in to the Azure Portal
  2. Select 'Virtual Machines' from the left pane
  3. Select the reported virtual machine
  4. Select 'Disks' under 'Settings'
  5. Click on 'Migrate to managed disks'
  6. Select 'Migrate'
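
To find which virtual machines still need the migration above, the disk profile of each VM can be inspected offline. The following is an added example, not part of the Bridgecrew policy or Checkov: it assumes JSON exported with `az vm list -o json`, where an unmanaged disk carries a `vhd.uri` and no `managedDisk`; the sample data and the function names are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `az vm list -o json` output; all names are made up.
SAMPLE_VM_LIST = json.loads("""
[
  {"name": "vm-legacy", "resourceGroup": "rg-app", "storageProfile": {
     "osDisk": {"name": "os", "managedDisk": null,
                "vhd": {"uri": "https://examplestore.blob.core.windows.net/vhds/os.vhd"}},
     "dataDisks": [{"name": "data0", "lun": 0, "managedDisk": null,
                    "vhd": {"uri": "https://examplestore.blob.core.windows.net/vhds/d0.vhd"}}]}},
  {"name": "vm-managed", "resourceGroup": "rg-app", "storageProfile": {
     "osDisk": {"name": "os", "vhd": null,
                "managedDisk": {"id": "/subscriptions/EXAMPLE/disks/os",
                                "storageAccountType": "Standard_LRS"}},
     "dataDisks": []}},
  {"name": "vm-no-profile", "resourceGroup": "rg-app"}
]
""")

def is_unmanaged(disk):
    """True when the disk points at a VHD blob and has no managed disk attached."""
    vhd = disk.get("vhd") or {}
    return bool(vhd.get("uri")) and not disk.get("managedDisk")

def unmanaged_disks(vm):
    """Return (role, disk name, VHD URI) for every unmanaged disk on one VM."""
    profile = vm.get("storageProfile") or {}   # tolerate missing or null profile
    findings = []
    os_disk = profile.get("osDisk") or {}
    if is_unmanaged(os_disk):
        findings.append(("os", os_disk.get("name"), os_disk["vhd"]["uri"]))
    for disk in profile.get("dataDisks") or []:
        if is_unmanaged(disk):
            findings.append((f"data lun {disk.get('lun')}", disk.get("name"), disk["vhd"]["uri"]))
    return findings

def report(vms):
    """Map 'resourceGroup/name' to its unmanaged disks; compliant VMs are omitted."""
    result = {}
    for vm in vms:
        found = unmanaged_disks(vm)
        if found:
            result[f"{vm.get('resourceGroup')}/{vm.get('name')}"] = found
    return result

if __name__ == "__main__":
    # With a file argument, read exported JSON; otherwise use the constructed sample.
    vms = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_VM_LIST
    for vm_id, disks in report(vms).items():
        for role, name, uri in disks:
            print(f"{vm_id}: {role} disk {name!r} is an unmanaged VHD at {uri}")
```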

Fix - Buildtime

Terraform

  • Resource: azurerm_windows_virtual_machine
  • Argument: storage_os_disk

resource "azurerm_windows_virtual_machine" "example" {
  ...
  + storage_os_disk {
    name              = "myosdisk1"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }
  ...
}