
Update alz_checklist.en.json #746

Status: Open. mbilalamjad wants to merge 1 commit into main.

Conversation

mbilalamjad (Contributor):

Adding a check to help Architects/Engineers have an overall conversation on the encryption on Azure with customers. This is based on feedback we received.

@mbilalamjad mbilalamjad requested review from a team as code owners April 25, 2024 19:55
{
"category": "Security",
"subcategory": "Encryption and keys",
"text": "Consider planning for encryption at rest and in transit for all data along with key management in Azure.",
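Review bot: The new item's text ("Consider planning for encryption at rest and in transit ...") is a broad consideration rather than something a reviewer can mark as pass or fail, and the excerpt shows no reference link for the guidance it rests on. Reword it to name a checkable configuration (for example the policies that enforce encryption at rest for managed disks and TDE on SQL instances across workload subscriptions) and attach the link to that guidance.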
Collaborator:

Can we change this into something that is more of a review item?

Something like "Configure encryption at rest and in transit on Key Vaults" and then linking to that specific setting. A really broad "consideration" item probably isn't the best kind of item for the checklist. We are trying to capture guidelines for this here: https://github.com/Azure/review-checklists/blob/main/CONTRIBUTING.md#what-to-contribute

Contributor:

I think the scope of services would be quite limited for recommendation purposes; we could add one or many specific ones, e.g.:
Use Azure Disk Encryption or encryption at host for your IaaS workloads.

Thoughts?

Collaborator:

Would we want guidance for IaaS workloads to be in the Landing Zone checklist?

We've talked off and on about how to handle these - should we have a separate "IaaS workload" checklist for the actual application landing zones, so that this one can be geared to the Platform landing zone (and be focused on the policies deployed to govern that across workloads)?

I think it gives us a smaller list here if we are focused on the Platform landing zone items specifically, and then more general IaaS or migration items could be in their own checklists. However, does that work with how this is used in practice by the broader team?

Contributor:

I see your point, the feedback we got was that there are no checks/guidance around encryption, and it was highlighted as a gap.

Might be worth having a meeting and taking this offline for a discussion?

Collaborator:

Workshop text:

Deploy policies to workload subscription management groups to manage encryption at rest on resources that support it, such as managed disk encryption and enabling TDE on SQL instances.
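The workshop text above describes policies assigned at the workload management groups that flag resources whose encryption at rest is not configured. As an added example (not code from the review-checklists project or from this PR), the block below is a small evaluator for the subset of the Azure Policy rule language that such definitions use (field / equals / notEquals / in / notIn / exists, combined with allOf / anyOf / not), run over a constructed inventory of managed disks, VMs and SQL TDE settings. The three policy bodies and the resource records are constructed for illustration; the alias strings are an assumption built from the documented pattern of resource type plus property path, and should be confirmed against the provider's alias list before anything is assigned at a management group.

```python
"""Audit encryption-at-rest settings the way an Azure Policy assignment would.

Constructed example: the policy bodies and the resource records are illustrative,
not the checklist project's own data or real subscription output.
"""
from typing import Any

TOP_LEVEL_FIELDS = {"id", "name", "type", "location", "kind"}


def get_field(resource: dict, field: str) -> Any:
    """Resolve a policy 'field' against one resource.

    Plain names (type, name, ...) read the top-level key. An alias of the form
    '<resourceType>/<dotted.path>' reads the dotted path under 'properties', but
    only when the alias belongs to this resource's type; an alias of another type
    is treated as absent, matching how Policy evaluates such fields.
    """
    if field in TOP_LEVEL_FIELDS:
        return resource.get(field)
    prefix = resource.get("type", "") + "/"
    if not field.startswith(prefix):
        return None
    node: Any = resource.get("properties", {})
    for key in field[len(prefix):].split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node


def _norm(value: Any) -> str:
    # Policy string comparison is case-insensitive; booleans compare as "true"/"false".
    return "" if value is None else str(value).lower()


def matches(cond: dict, resource: dict) -> bool:
    """True when the condition block matches the resource."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = get_field(resource, cond["field"])
    if "exists" in cond:
        return (value is not None) == (_norm(cond["exists"]) == "true")
    if "equals" in cond:
        return _norm(value) == _norm(cond["equals"])
    if "notEquals" in cond:
        return _norm(value) != _norm(cond["notEquals"])
    if "in" in cond:
        return _norm(value) in {_norm(v) for v in cond["in"]}
    if "notIn" in cond:
        return _norm(value) not in {_norm(v) for v in cond["notIn"]}
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(policies: dict, resources: list) -> dict:
    """Map each policy name to the names of resources its 'if' block matches.

    For Audit and Deny effects a match means non-compliant, so every rule
    below is written to match the *bad* state.
    """
    return {name: [r["name"] for r in resources if matches(rule["if"], r)]
            for name, rule in policies.items()}


# Constructed rules. Assumption: alias strings follow the '<resourceType>/<property.path>'
# pattern; confirm them with
#   az provider show --namespace Microsoft.Compute --expand "resourceTypes/aliases"
POLICIES = {
    "disks-must-use-customer-managed-key": {
        "if": {"allOf": [
            {"field": "type", "equals": "Microsoft.Compute/disks"},
            {"field": "Microsoft.Compute/disks/encryption.type",
             "notIn": ["EncryptionAtRestWithCustomerKey",
                       "EncryptionAtRestWithPlatformAndCustomerKeys"]}]},
        "then": {"effect": "Audit"}},
    "vms-must-enable-encryption-at-host": {
        "if": {"allOf": [
            {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
            {"field": "Microsoft.Compute/virtualMachines/securityProfile.encryptionAtHost",
             "notEquals": "true"}]},
        "then": {"effect": "Deny"}},
    "sql-databases-must-enable-tde": {
        "if": {"allOf": [
            {"field": "type",
             "equals": "Microsoft.Sql/servers/databases/transparentDataEncryption"},
            {"field": "Microsoft.Sql/servers/databases/transparentDataEncryption/state",
             "notEquals": "Enabled"}]},
        "then": {"effect": "Audit"}},
}

# Constructed inventory in the shape of ARM resource JSON (not real subscription data).
RESOURCES = [
    {"name": "disk-a", "type": "Microsoft.Compute/disks",
     "properties": {"encryption": {"type": "EncryptionAtRestWithPlatformKey"}}},
    {"name": "disk-b", "type": "Microsoft.Compute/disks",
     "properties": {"encryption": {"type": "EncryptionAtRestWithCustomerKey"}}},
    {"name": "disk-c", "type": "Microsoft.Compute/disks", "properties": {}},
    {"name": "vm-1", "type": "Microsoft.Compute/virtualMachines",
     "properties": {"securityProfile": {"encryptionAtHost": True}}},
    {"name": "vm-2", "type": "Microsoft.Compute/virtualMachines",
     "properties": {"securityProfile": {}}},
    {"name": "orders/current",
     "type": "Microsoft.Sql/servers/databases/transparentDataEncryption",
     "properties": {"state": "Disabled"}},
    {"name": "inventory/current",
     "type": "Microsoft.Sql/servers/databases/transparentDataEncryption",
     "properties": {"state": "Enabled"}},
]

if __name__ == "__main__":
    for policy, offenders in evaluate(POLICIES, RESOURCES).items():
        print(f"{policy} [{POLICIES[policy]['then']['effect']}]: {offenders or 'compliant'}")
```

Note that a missing property (disk-c has no encryption block, vm-2 has no encryptionAtHost) is reported as non-compliant rather than skipped: a rule written as "match the bad state" with notEquals/notIn treats absence as failure, which is the safe default for an audit at management-group scope.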
