Security Center default policy setting ‘Monitor Disk Encryption’ should be enabled


When this setting is enabled, Security Center recommends enabling disk encryption on all virtual machines (both Windows and Linux) to enhance the protection of data at rest.

Portal Remediation Steps

  • Navigate to Azure Policy.

  • Select the subscription and click Edit assignment.

  • Select Parameters.

  • For the parameter ‘Disk encryption should be applied on virtual machines’, select AuditIfNotExists.

  • Click Review + save > Save.

CLI Remediation Steps

  • Remediation is not possible via the CLI.