0
votes

I am trying to check the infrastructure encryption status via PowerShell. Here is the screenshot Encryption

I referenced this doc (https://docs.microsoft.com/en-us/azure/storage/common/infrastructure-encryption-enable?tabs=portal) and tried the below script but didn't get any result.

$account = Get-AzStorageAccount -ResourceGroupName <resource-group> `
    -StorageAccountName <storage-account>
$account.Encryption.RequireInfrastructureEncryption

Is there a way to see if the infrastructure encryption is enabled or disabled?

Thank you

1

1 Answers

1
votes

From the docs, there are two kinds of encryption levels for an Azure storage account: at the service level and at the infrastructure level. By default, Azure Storage automatically encrypts all data in a storage account at the service level using 256-bit AES encryption. Customers who require higher levels of assurance that their data is secure can also enable 256-bit AES encryption at the Azure Storage infrastructure level.

To doubly encrypt your data, you must first create a storage account that is configured for infrastructure encryption.

In this case, if you have not enabled the infrastructure encryption, you could see "requireInfrastructureEncryption": null with Azure CLI.

az storage account show --name <storage-account> --resource-group <resource-group>

To verify that infrastructure encryption is enabled, you could register to use infrastructure encryption:

Register-AzProviderFeature -ProviderNamespace Microsoft.Storage `
    -FeatureName AllowRequireInfraStructureEncryption

Create an account with infrastructure encryption enabled:

New-AzStorageAccount -ResourceGroupName <resource_group> `
    -AccountName <storage-account> `
    -Location <location> `
    -SkuName "Standard_RAGRS" `
    -Kind StorageV2 `
    -RequireInfrastructureEncryption

Then you can verify that infrastructure encryption is enabled with the PowerShell script:

$account = Get-AzStorageAccount -ResourceGroupName <resource-group> `
    -StorageAccountName <storage-account>
$account.Encryption.RequireInfrastructureEncryption

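An added example, not part of the original answer: the check above prints nothing when the property is null, which is what the answer says an account without infrastructure encryption returns, so this sketch maps that case to an explicit "Disabled". The function name Get-InfraEncryptionStatus and the sample account names are assumptions made for illustration; the sample objects are constructed to mimic the properties used from Get-AzStorageAccount output.

```powershell
# Added example; Get-InfraEncryptionStatus is a hypothetical helper, not an Az cmdlet.
function Get-InfraEncryptionStatus {
    [CmdletBinding()]
    param(
        # Objects shaped like Get-AzStorageAccount output.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Account
    )
    process {
        # The value is $null when infrastructure encryption was not enabled
        # at account creation, so echoing the property shows no output.
        $raw = $null
        if ($null -ne $Account.Encryption) {
            $raw = $Account.Encryption.RequireInfrastructureEncryption
        }
        [pscustomobject]@{
            StorageAccountName       = $Account.StorageAccountName
            ResourceGroupName        = $Account.ResourceGroupName
            RawValue                 = if ($null -eq $raw) { '<null>' } else { "$raw" }
            InfrastructureEncryption = if ($raw -eq $true) { 'Enabled' } else { 'Disabled' }
        }
    }
}

# Constructed sample objects so the function can be tried without an Azure session.
$samples = @(
    [pscustomobject]@{
        StorageAccountName = 'sampleacct1'
        ResourceGroupName  = 'sample-rg'
        Encryption         = [pscustomobject]@{ RequireInfrastructureEncryption = $true }
    },
    [pscustomobject]@{
        StorageAccountName = 'sampleacct2'
        ResourceGroupName  = 'sample-rg'
        Encryption         = [pscustomobject]@{ RequireInfrastructureEncryption = $null }
    }
)
$samples | Get-InfraEncryptionStatus | Format-Table -AutoSize

# Against a live subscription (requires Connect-AzAccount):
# Get-AzStorageAccount | Get-InfraEncryptionStatus | Format-Table -AutoSize
```

Called without parameters, Get-AzStorageAccount returns every storage account in the current subscription, so the commented pipeline doubles as a quick audit of which accounts lack the second encryption layer.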