Open ahmadabdalla opened 2 years ago
This also applies to virtual machines
@description('Optional. This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs.')
param encryptionAtHost bool = true
VERBOSE: Deployment output: {}
Exception: /home/runner/work/_temp/25088aa3-c884-466a-99bc-45080b80d61d.ps1:49
Line |
49 | throw $res.exception
| ~~~~~~~~~~~~~~~~~~~~
| 01:33:24 - The deployment
| 'virtualMachines-20220316T0103517410Z' failed with error(s).
| Showing 1 out of 1 error(s). Status Message: The property
| 'securityProfile.encryptionAtHost' is not valid because the
| 'Microsoft.Compute/EncryptionAtHost' feature is not enabled
| for this subscription. (Code:InvalidParameter) CorrelationId:
| 078cbb40-77f9-4505-8237-101dcde82d2e
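The failure in the log above can be caught before the deployment starts. The following pre-flight check is an added example, not part of the original comment or of the CARML modules. It assumes the Az.Resources module and an authenticated Az context; the function name and the `-AllowUnencryptedFallback` switch are hypothetical. It fails closed by default, so a pipeline only deploys without host encryption when that is chosen explicitly.

```powershell
#Requires -Modules Az.Resources

function Resolve-EncryptionAtHostSetting {
    [CmdletBinding()]
    [OutputType([bool])]
    param (
        # Explicit opt-out: deploy without host encryption instead of failing.
        [switch] $AllowUnencryptedFallback
    )

    # Namespace and feature name are taken from the error message in the log.
    $feature = Get-AzProviderFeature -ProviderNamespace 'Microsoft.Compute' `
        -FeatureName 'EncryptionAtHost' -ErrorAction Stop

    if ($feature.RegistrationState -eq 'Registered') {
        return $true
    }

    $state = if ($feature) { $feature.RegistrationState } else { 'Unknown' }
    $subscriptionId = (Get-AzContext).Subscription.Id
    $message = "Feature 'Microsoft.Compute/EncryptionAtHost' is '$state' in " +
        "subscription '$subscriptionId'. Register it with Register-AzProviderFeature " +
        "before deploying with encryptionAtHost = true."

    if ($AllowUnencryptedFallback) {
        # The downgrade is visible in the pipeline log rather than silent.
        Write-Warning "$message Deploying with encryptionAtHost = false."
        return $false
    }

    # Default: stop here with an actionable message instead of a failed deployment.
    throw $message
}

# Usage (placeholders, not values from the page):
# $encryptionAtHost = Resolve-EncryptionAtHostSetting
# New-AzResourceGroupDeployment -ResourceGroupName '<resource-group>' `
#     -TemplateFile '<path-to-template>' `
#     -TemplateParameterObject @{ encryptionAtHost = $encryptionAtHost }
```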
Need to wait for the discussion on how we handle "secure by default"
Missing clarity on what to do with this issue. Moving back to needs triage and applying the needs further discussion label.
Need to wait for the discussion on how we handle "secure by default"
Any movement or internal discussions on this issue? It's definitely one that regularly appears for me and doesn't have a clear workaround other than hacking at the underlying CARML module and deleting existing storage accounts that have strayed outside of any changes to the defaults...
Description
For example, there are certain properties on resources that, if enabled, cannot be rolled back or changed afterwards. Below is an example for a storage account:
Error example:
Steps to reproduce