stackoom
  简体   繁体   中英

How to get Azure storage account Infrastructure encryption status in powershell

 原文  2020-12-04 00:54:05       azure/ powershell/ encryption/ azure-devops/ azure-storage-account

Question

I am trying to check the Infrastructure encryption status via powershell. Here is the screenshot Encryption

I referenced this doc(" https://docs.microsoft.com/en-us/azure/storage/common/infrastructure-encryption-enable?tabs=portal ") and tried the below script but didn't get any result.

$account = Get-AzStorageAccount -ResourceGroupName ` -StorageAccountName $account.Encryption.RequireInfrastructureEncryption

Is there a way to see if the Infrastructure encryption is enabled or disabled?

Thank you

1 answers

solution1
 1 ACCPTED  2020-12-04 02:11:30

From that docs , there are two kinds of encryption levels for Azure storage account, at the service level and at the infrastructure level . By default, Azure Storage automatically encrypts all data in a storage account at the service level using 256-bit AES encryption, customers who require higher levels of assurance that their data is secure can also enable 256-bit AES encryption at the Azure Storage infrastructure level.

To doubly encrypt your data, you must first create a storage account that is configured for infrastructure encryption .

In this case, if you have not enabled the infrastructure encryption, you could see the "requireInfrastructureEncryption": null with Azure CLI.

az storage account show --name <storage-account> --resource-group <resource-group>

在此处输入图像描述

To Verify that infrastructure encryption is enabled, you could Register to use infrastructure encryption,

Register-AzProviderFeature -ProviderNamespace Microsoft.Storage `
    -FeatureName AllowRequireInfraStructureEncryption

Create an account with infrastructure encryption enabled,

New-AzStorageAccount -ResourceGroupName <resource_group> `
    -AccountName <storage-account> `
    -Location <location> `
    -SkuName "Standard_RAGRS" `
    -Kind StorageV2 `
    -RequireInfrastructureEncryption

Then you can Verify that infrastructure encryption is enabled with the PowerShell scripts.

$account = Get-AzStorageAccount -ResourceGroupName <resource-group> `
    -StorageAccountName <storage-account>
$account.Encryption.RequireInfrastructureEncryption

在此处输入图像描述

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to get azure storage encryption status Azure storage account - encryption Azure-Powershell Enable File Service Encryption on storage account How to get Azure Storage account logging enablement status? How to get the usage for an storage account in Microsoft azure using powershell How to get storage account id given storage account name and resource group using azure powershell command? How to add encryption AKV on Azure storage account through ARM template remove azure storage account with powershell Azure Powershell to copy azure storage account to another azure storage account Get Azure Storage Account Key inside Powershell Function App
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM