In the ASC score recommendations, I'm trying to disable the following control, meaning that the security score of that control will not appear in the overall score:
Disk encryption should be applied on virtual machines
Pic - Security Center recommendation
- I have a root-level policy from the Azure management (default Security Center policy) which has the above 'Disk encryption...' policy set to enabled.
- I created a custom policy initiative -> Policies -> Policy: 'Disk encryption should be applied on virtual machines' -> Disabled.
- Tried both custom and built-in (they are both the same).
In the Azure Policy UI, compliance shows: Compliant.
However, in the Azure Security Center (ASC), there is still no change for the above recommendation. There are a few VMs without disk encryption.
So my question: with these steps, can I increase the Security Center score by disabling the checks for this encryption control? And can my custom policy initiative override the existing Tenant Root Group policy?
- My initiative policy assignment is on a single subscription within the same root management tenant.
Thanks,
Solution: changing default ASC recommendations can be done with high-level permissions on the Azure policies.