Added extra hardening security

Azure · Nov 25, 2024 · 3226b45 · 3226b45
1 parent 4b787f1
commit 3226b45
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/sdk/healthdataaiservices/azure-health-deidentification/test-resources.bicep b/sdk/healthdataaiservices/azure-health-deidentification/test-resources.bicep
@@ -37,6 +37,28 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
   kind: 'StorageV2'
   properties: {
     minimumTlsVersion: 'TLS1_2'
+
+    accessTier: 'Hot'
+    supportsHttpsTrafficOnly: true
+    allowBlobPublicAccess: false
+    allowCrossTenantReplication: false
+    allowSharedKeyAccess: false
+
+    encryption: {
+      services: {
+        blob: {
+          enabled: true
+          keyType: 'Account'
+        }
+        file: {
+          enabled: true
+          keyType: 'Account'
+        }
+      }
+      requireInfrastructureEncryption: true
+      keySource: 'Microsoft.Storage'
+    }
+
     networkAcls: {
       bypass: 'AzureServices'
       defaultAction: 'Deny'