The SecuritySettings of AzureStackHCI Cluster.

interface DeploymentSecuritySettings {
    bitlockerBootVolume?: boolean;
    bitlockerDataVolumes?: boolean;
    credentialGuardEnforced?: boolean;
    driftControlEnforced?: boolean;
    drtmProtection?: boolean;
    hvciProtection?: boolean;
    sideChannelMitigationEnforced?: boolean;
    smbClusterEncryption?: boolean;
    smbSigningEnforced?: boolean;
    wdacEnforced?: boolean;
}

Properties

bitlockerBootVolume?: boolean

When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent.

bitlockerDataVolumes?: boolean

When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes.

credentialGuardEnforced?: boolean

When set to true, Credential Guard is enabled.

driftControlEnforced?: boolean

When set to true, the security baseline is re-applied regularly.

drtmProtection?: boolean

By default, Secure Boot is enabled on your Azure Stack HCI cluster. This setting is hardware dependent.

hvciProtection?: boolean

By default, Hypervisor-protected Code Integrity is enabled on your Azure Stack HCI cluster.

sideChannelMitigationEnforced?: boolean

When set to true, all the side channel mitigations are enabled.

smbClusterEncryption?: boolean

When set to true, cluster east-west traffic is encrypted.

smbSigningEnforced?: boolean

When set to true, the SMB default instance requires signing for the client and server services.

wdacEnforced?: boolean

WDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster.
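Because every property on this interface is optional, a settings object that simply omits a control gives no assurance that the control is on. The following is an added example, not code from the @azure/arm-azurestackhci package or from Microsoft's documentation: it mirrors the interface above and audits a DeploymentSecuritySettings object against a constructed "everything enabled" baseline, reporting each control that is false or unset. The baseline, the sample settings object and the set of hardware-dependent controls (the two the page marks as TPM or hardware dependent) are assumptions made for the example.

```typescript
// Added example (not from the @azure/arm-azurestackhci package):
// audit a DeploymentSecuritySettings object against a hardened baseline.

// Mirrors the interface documented on this page.
interface DeploymentSecuritySettings {
    bitlockerBootVolume?: boolean;
    bitlockerDataVolumes?: boolean;
    credentialGuardEnforced?: boolean;
    driftControlEnforced?: boolean;
    drtmProtection?: boolean;
    hvciProtection?: boolean;
    sideChannelMitigationEnforced?: boolean;
    smbClusterEncryption?: boolean;
    smbSigningEnforced?: boolean;
    wdacEnforced?: boolean;
}

type SecuritySettingKey = keyof DeploymentSecuritySettings;

// Constructed baseline: every control explicitly enabled.
const HARDENED_BASELINE: Required<DeploymentSecuritySettings> = {
    bitlockerBootVolume: true,
    bitlockerDataVolumes: true,
    credentialGuardEnforced: true,
    driftControlEnforced: true,
    drtmProtection: true,
    hvciProtection: true,
    sideChannelMitigationEnforced: true,
    smbClusterEncryption: true,
    smbSigningEnforced: true,
    wdacEnforced: true,
};

// Controls the page describes as hardware dependent (assumption: only these
// two). They are flagged separately so that a host without a TPM is not
// confused with a deliberately weakened configuration.
const HARDWARE_DEPENDENT: ReadonlySet<SecuritySettingKey> = new Set<SecuritySettingKey>([
    "bitlockerBootVolume",
    "drtmProtection",
]);

interface AuditFinding {
    setting: SecuritySettingKey;
    // `undefined` means the property was omitted, which is reported as a
    // finding: an unset optional flag is not evidence the control is on.
    actual: boolean | undefined;
    hardwareDependent: boolean;
}

// Returns one finding per control that is not explicitly set to true.
function auditSecuritySettings(settings: DeploymentSecuritySettings): AuditFinding[] {
    const findings: AuditFinding[] = [];
    for (const key of Object.keys(HARDENED_BASELINE) as SecuritySettingKey[]) {
        const actual = settings[key];
        if (actual !== true) {
            findings.push({
                setting: key,
                actual,
                hardwareDependent: HARDWARE_DEPENDENT.has(key),
            });
        }
    }
    return findings;
}

// True only when no control is false or unset.
function isHardened(settings: DeploymentSecuritySettings): boolean {
    return auditSecuritySettings(settings).length === 0;
}

// Constructed sample: SMB signing turned off and wdacEnforced omitted.
const SAMPLE_SETTINGS: DeploymentSecuritySettings = {
    bitlockerBootVolume: true,
    bitlockerDataVolumes: true,
    credentialGuardEnforced: true,
    driftControlEnforced: true,
    drtmProtection: true,
    hvciProtection: true,
    sideChannelMitigationEnforced: true,
    smbClusterEncryption: true,
    smbSigningEnforced: false,
};

for (const f of auditSecuritySettings(SAMPLE_SETTINGS)) {
    const state = f.actual === undefined ? "unset" : String(f.actual);
    const note = f.hardwareDependent ? " (hardware dependent)" : "";
    console.log(`${f.setting}: ${state}${note}`);
}
```

Running this on the sample prints two findings, `smbSigningEnforced: false` and `wdacEnforced: unset`. The same audit can be applied to the securitySettings block of a deployment settings resource before it is submitted, or to the value read back from Azure afterwards as a drift check.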