User Profile
marekatai
Copper Contributor
Joined Jul 11, 2020
User Widgets
Recent Discussions
Encryption in Az - Confusion
Hi everyone. I did not know how to answer these questions so maybe some of you have experiences with encryption. 1. The wording is quite difficult. Is Service-side enryption = Storage Service Encryption? Both use the SSE. 2. In the constraints i saw "Managed disks encrypted using customer-managed keys cannot also be encrypted with Azure Disk Encryption.". Why that? As i know, SSE with CMK and ADE are not same things, right? 3. The abbreviation KEK is confusing. I thought that's what is used in SSE (the CMK) respectively during ADE (when I add a key to the key vault and use it for the disk encryption). Now i saw there is in premium key vault the option "KEK for BYOK". Whats the difference, what is the KEK now? For what do i need that KEK for BYOK if i already have my KEK as i added key in key vault? 4. It is recommended to use a key in key vault for ADE? Kind regardsPricing composition
Hi all I have only a short question about the pricing which is confusing. So is it correct that the pricing is composed of 1. a fixed amount to pay for the instances we are monitoring with Azure Defender 2. additional costs for data ingested into the workspace? Is that correct and which data are ingested into workspace (i know it is the case for VM's)?1.1KViews0likes1CommentRe: ASC Security Policies & Compliance Wording
Tom_Janetscheck Hi guys. I am not sure if you are right here. First of all, it is not really clear if the regulatories are that one that gives the security controls/recommendations and are showed in the recommendation tab or vice versa if the benchmarks of Microsoft are just creating recommendations and feed or map them to standards. Because os it is confusing that it s not clear if all the recommendations are from one of the regulatories or not; and.. at the other side there are quite a lot of "empty" controls in the regulations. Why I see this like that? - Exclusion of recommendations does not work Yes; let's say i want to exclude a security recommendation control because I dont need it. When I exclude that policy in the ASC default and even when i delete the default ASC policy, I still see that recommendation in the out-of-the-box Azure CIS regulation or other regulatories and also in the recommendations. This leads to false positives and to a decreased security score.14KViews0likes3Comments
Recent Blog Articles
No content to show