Azure Automation accounts should use CMK for encryption at rest
HIGH
Ensures Azure Automation accounts encrypt data at rest using customer-managed keys.
What does this mean?
Azure Automation accounts store runbooks, credentials, and certificates. This recommendation ensures that this data is encrypted using customer-managed keys for full control over the encryption lifecycle.
Benefits of implementation
- Full control over encryption of automation secrets and runbooks
- Meets compliance requirements for customer-managed encryption
- Consistent key management across Azure services
Drawbacks and considerations
- Requires Azure Key Vault infrastructure
- Key rotation requires planning
- Key unavailability impacts Automation account operations
Implementation
Implementation guidance coming soon.
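An audit for this recommendation, as an added example that is not part of the original page: it checks the ARM representation of each Automation account for a Key Vault key source, complete key properties, and a managed identity. The field names are assumed to follow the ARM schema for `Microsoft.Automation/automationAccounts`; the sample accounts, vault URI, and key name are constructed.

```python
# Constructed sample data: trimmed ARM views of three Automation accounts.
SAMPLE_ACCOUNTS = [
    {"name": "aa-prod", "type": "Microsoft.Automation/automationAccounts",
     "identity": {"type": "SystemAssigned"},
     "properties": {"encryption": {
         "keySource": "Microsoft.Keyvault",
         "keyVaultProperties": {
             "keyvaultUri": "https://kv-example.vault.azure.net/",
             "keyName": "automation-cmk", "keyVersion": "0123abcd"}}}},
    {"name": "aa-dev", "type": "Microsoft.Automation/automationAccounts",
     "properties": {"encryption": {"keySource": "Microsoft.Automation"}}},
    {"name": "aa-broken", "type": "Microsoft.Automation/automationAccounts",
     "properties": {"encryption": {
         "keySource": "Microsoft.Keyvault",
         "keyVaultProperties": {
             "keyvaultUri": "https://kv-example.vault.azure.net/"}}}},
]

AUTOMATION_TYPE = "microsoft.automation/automationaccounts"


def cmk_findings(account):
    """Return the reasons an account fails the CMK check (empty list = pass)."""
    enc = (account.get("properties") or {}).get("encryption") or {}
    # A missing or platform key source means Microsoft-managed keys are in use.
    if str(enc.get("keySource", "")).lower() != "microsoft.keyvault":
        return ["keySource is not Microsoft.Keyvault (platform-managed key)"]
    findings = []
    kv = enc.get("keyVaultProperties") or {}
    for field in ("keyvaultUri", "keyName"):
        if not kv.get(field):
            findings.append(f"keyVaultProperties.{field} is missing")
    # Assumption: the account reaches the vault through a managed identity,
    # so an account with identity type None cannot unwrap its key.
    identity_type = (account.get("identity") or {}).get("type") or "None"
    if identity_type.lower() == "none":
        findings.append("no managed identity to access the key vault")
    return findings


def audit(accounts):
    """Map each Automation account name to its list of findings."""
    return {a["name"]: cmk_findings(a) for a in accounts
            if str(a.get("type", "")).lower() == AUTOMATION_TYPE}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ACCOUNTS).items():
        print(name, "PASS" if not findings else f"FAIL: {'; '.join(findings)}")
```

The `aa-broken` case corresponds to the key-unavailability drawback listed above: the account claims a customer-managed key but has no usable path to it.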
Details
- Risk Level: HIGH
- Category: Data Encryption
- Azure Resource
- Frameworks: 1 framework
- Last updated: 2026-02-12