-- Lists each disk's public_network_access and data_access_auth_mode values.
> select name, public_network_access, data_access_auth_mode from azure_compute_disk
+-----------------+-----------------------+-----------------------+
| name | public_network_access | data_access_auth_mode |
+-----------------+-----------------------+-----------------------+
| disk-123 | Disabled | AzureActiveDirectory |
| turbottest76149 | Enabled | |
+-----------------+-----------------------+-----------------------+
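-- Disk network access check: one row per disk with an ok/alarm status.
-- 'ok' requires BOTH a restrictive network_access_policy ('DenyAll' or
-- 'AllowPrivate') AND public_network_access = 'Disabled'.
-- Any other combination, including NULL in either column, matches neither
-- WHEN branch and falls through to 'alarm', so the check fails closed.
-- NOTE(review): the else branch reports "network access enabled" even when
-- the columns are NULL or hold an unexpected value; treat that reason text as
-- "not verified as disabled" rather than a confirmed setting.
select
  disk.id as resource,
  case
    when disk.network_access_policy in ('DenyAll', 'AllowPrivate')
      and disk.public_network_access = 'Disabled' then 'ok'
    else 'alarm'
  end as status,
  case
    when disk.network_access_policy in ('DenyAll', 'AllowPrivate')
      and disk.public_network_access = 'Disabled' then disk.name || ' network access disabled.'
    else disk.name || ' network access enabled.'
  end as reason
from
  azure_compute_disk as disk
  -- Explicit join in place of the comma join: the join condition can no longer
  -- be dropped by accident. Row set is unchanged; disks without a matching
  -- subscription row are still excluded.
  inner join azure_subscription as sub
    on sub.subscription_id = disk.subscription_id;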
+-------------------------------------------------------------------------------------------------------------------+--------+--------------------------->
| resource | status | reason >
+-------------------------------------------------------------------------------------------------------------------+--------+--------------------------->
| /subscriptions/ddddddddddddddddddddddddddddd/resourceGroups/DEMO/providers/Microsoft.Compute/disks/test-pc | ok | test-pc network access dis>
+-------------------------------------------------------------------------------------------------------------------+--------+--------------------------->
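-- Disk data access authentication check: one row per disk with an ok/alarm status.
-- 'ok' only when data_access_auth_mode is exactly 'AzureActiveDirectory'.
-- A NULL or empty value does not equal that literal, so such disks fall
-- through to 'alarm' (fail closed) and are reported as "disabled".
select
  disk.id as resource,
  case
    when disk.data_access_auth_mode = 'AzureActiveDirectory' then 'ok'
    else 'alarm'
  end as status,
  case
    when disk.data_access_auth_mode = 'AzureActiveDirectory' then disk.name || ' data authentication mode enabled.'
    else disk.name || ' data authentication mode disabled.'
  end as reason
from
  azure_compute_disk as disk
  -- Explicit join in place of the comma join: the join condition can no longer
  -- be dropped by accident. Row set is unchanged; disks without a matching
  -- subscription row are still excluded.
  inner join azure_subscription as sub
    on sub.subscription_id = disk.subscription_id;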
+-------------------------------------------------------------------------------------------------------------------+--------+--------------------------->
| resource | status | reason >
+-------------------------------------------------------------------------------------------------------------------+--------+--------------------------->
| /subscriptions/ddddddddddddddddddddddddddddd/resourceGroups/DEMO/providers/Microsoft.Compute/disks/test-pc | ok | test-pc data authenticatio>
+-------------------------------------------------------------------------------------------------------------------+--------+--------------------------->
-- Raw view of the two columns the compliance checks read, per disk.
select
  id,
  name,
  network_access_policy,
  data_access_auth_mode
from
  azure_compute_disk
+--------------------------------------------------------------------------------------------------------------------+----------+-----------------------+-----------------------+
| id | name | network_access_policy | data_access_auth_mode |
+--------------------------------------------------------------------------------------------------------------------+----------+-----------------------+-----------------------+
| /subscriptions/ddddddddddddddddddddddddddddd/resourceGroups/DEMO/providers/Microsoft.Compute/disks/disk-123 | disk-123 | DenyAll | AzureActiveDirectory |
+--------------------------------------------------------------------------------------------------------------------+----------+-----------------------+-----------------------+
Compliance queries dependent on these columns:
Needed for cis_v300 sections 8.5 and 8.6.