This page is an index of Azure Policy built-in policy definitions for Azure Backup. The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo. For additional Azure Policy built-ins for other services, see

Azure Recovery Services vaults should disable public network access: Disabling public network access improves security by ensuring that the recovery services vault is not exposed on the public internet. Creating private endpoints can limit exposure of the recovery services vault.

Azure Recovery Services vaults should use customer-managed keys for encrypting backup data: Use customer-managed keys to manage the encryption at rest of your backup data. By default, customer data is encrypted with service-managed keys, but customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.

Azure Recovery Services vaults should use private link for backup: Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to Azure Recovery Services vaults, data leakage risks are reduced.