Azure audit compute os disks without encryption remediation

Using Console

Using CLI

Using Python

To remediate the misconfiguration of OS Disks Lacking Encryption in AZURE using python, follow these steps:

Install the Azure SDK for Python using the following command:

pip install azure-mgmt-compute

Import the necessary modules:

from azure.identity import DefaultAzureCredential
from azure.mgmt.compute import ComputeManagementClient

Authenticate to the Azure account using the DefaultAzureCredential class:

credential = DefaultAzureCredential()
subscription_id = 'your-subscription-id'
compute_client = ComputeManagementClient(credential, subscription_id)

Get a list of all the virtual machines in the subscription:

vm_list = compute_client.virtual_machines.list_all()

For each virtual machine, check if the OS disk is encrypted or not:

for vm in vm_list:
    os_disk = vm.storage_profile.os_disk
    if not os_disk.encryption_settings:
        # Encrypt the OS disk
        encryption_settings = compute_client.disks.create_or_update_encryption_settings(
            resource_group_name=vm.id.split('/')[4],
            disk_name=os_disk.name,
            encryption_settings={
                "enabled": True
            }
        )

Save the script and run it to remediate the misconfiguration.

Note: This script assumes that the virtual machines are using managed disks. If the virtual machines are using unmanaged disks, you will need to modify the script accordingly.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Azure audit compute os disks without encryption remediation

Triage and Remediation

Remediation