Security Center default policy setting “Monitor Storage Blob Encryption” should be enabled


Enable storage encryption recommendations. When this setting is enabled, any new data in Azure Blobs and Files will be encrypted.

Portal Remediation Steps

  • Navigate to Azure Policy.

  • Select the subscription and click Edit assignment.

  • Select Parameters.

  • In “Advanced threat protection standard tier should be enabled on Azure Storage accounts”, select AuditIfNotExists.

  • Click Review + save > Save.

CLI Remediation Steps

  • Remediation is not possible via the CLI.