GR6: Add additional policy checks to existing control

[MathesonSho]

Is your feature request related to a problem? Please describe. PROTECTION OF DATA-AT-REST (M) needs more checks surrounding the Storage Accounts.

This module will detect the PBMM and look for specific policies not to be exempted. The compliance will fail right away if the PBMM policy is not applied. If applied, the following policies will be checked for exemptions:

• "TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled"
• "DiskEncryptionShouldBeAppliedOnVirtualMachines"

Describe the solution you'd like Could the following policy checks be added to the above list?

• "Storage accounts should restrict network access"
• "Secure transfer to storage accounts should be enabled"
• "Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources"

Q: What would we need to do to look at the policy results and determine if there are any failing resources?

[MathesonSho]

PBMM Policies to check instead:

SC-28 https://learn.microsoft.com/en-us/azure/governance/policy/samples/canada-federal-pbmm#protection-of-information-at-rest

• Azure Defender for SQL should be enabled for unprotected Azure SQL servers
• Azure Defender for SQL should be enabled for unprotected SQL Managed Instances
• Transparent Data Encryption on SQL databases should be enabled

Additional checks to consider (IA-7,SC12, SC13, SC28, SC28(1)) if added to the Canada Federal PBMM initiative we could update to add the policy checks.

[dutt0]

"Transparent Data Encryption on SQL databases should be enabled" is already in the required policy. Other two additional checks will be added replacing the deprecated.