
Use disk encryption for Azure Data Explorer clusters

Security · Data Explorer · Rule · 2022_03 · Important

Use disk encryption for Azure Data Explorer (ADX) clusters.

Description

Azure storage is encrypted at rest; however, computing resources can additionally use disk encryption. Disk encryption provides additional security for data at rest.

Recommendation

Consider enabling disk encryption on Azure Data Explorer clusters.

Examples

Configure with Azure template

To deploy clusters that pass this rule:

  • Set properties.enableDiskEncryption to true.

For example:

Azure Template snippet
{
    "type": "Microsoft.Kusto/clusters",
    "apiVersion": "2021-08-27",
    "name": "[parameters('name')]",
    "location": "[parameters('location')]",
    "sku": {
        "name": "Standard_D11_v2",
        "tier": "Standard"
    },
    "identity": {
        "type": "SystemAssigned"
    },
    "properties": {
        "enableDiskEncryption": true
    }
}
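
A pre-deployment check for the setting described above, as an added example (not code from this page or from the rule's own implementation). It walks an ARM template JSON, including child resources and nested deployments, and reports each Microsoft.Kusto/clusters resource. The function names, the three status values, the sample template, and treating an absent property as a failure are assumptions made for illustration.

```python
import json

KUSTO_TYPE = "microsoft.kusto/clusters"

# Constructed sample template (an assumption for illustration, not from the page).
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Kusto/clusters", "name": "adx-ok",
   "properties": {"enableDiskEncryption": true}},
  {"type": "Microsoft.Kusto/clusters", "name": "adx-missing", "properties": {}},
  {"type": "Microsoft.Kusto/clusters", "name": "adx-param",
   "properties": {"enableDiskEncryption": "[parameters('encrypt')]"}},
  {"type": "Microsoft.Resources/deployments", "name": "nested",
   "properties": {"template": {"resources": [
     {"type": "Microsoft.Kusto/clusters", "name": "adx-nested",
      "properties": {"enableDiskEncryption": false}}]}}}
]}
""")


def iter_resources(node):
    """Yield every resource, descending into child resources and nested deployments."""
    resources = node.get("resources", [])
    if isinstance(resources, dict):  # symbolic-name templates use a map, not a list
        resources = resources.values()
    for res in resources:
        yield res
        yield from iter_resources(res)  # child resources declared inline
        nested = res.get("properties", {}).get("template")
        if isinstance(nested, dict):  # inline template of a nested deployment
            yield from iter_resources(nested)


def check_disk_encryption(template):
    """Return {cluster name: 'pass' | 'fail' | 'unresolved'} for each ADX cluster."""
    results = {}
    for res in iter_resources(template):
        if str(res.get("type", "")).lower() != KUSTO_TYPE:
            continue
        value = res.get("properties", {}).get("enableDiskEncryption")
        if value is True:
            status = "pass"
        elif isinstance(value, str) and value.startswith("["):
            status = "unresolved"  # template expression; needs parameter values
        else:
            status = "fail"  # absent or false: not set to true
        results[res["name"]] = status
    return results

print(check_disk_encryption(SAMPLE_TEMPLATE))
```

An "unresolved" result means the value is a template expression, so the parameter file supplied at deployment has to be reviewed as well.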

Configure with Bicep

To deploy clusters that pass this rule:

  • Set properties.enableDiskEncryption to true.

For example:

Azure Bicep snippet
resource adx 'Microsoft.Kusto/clusters@2021-08-27' = {
  name: name
  location: location
  sku: {
    name: 'Standard_D11_v2'
    tier: 'Standard'
  }
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    enableDiskEncryption: true
  }
}
