Feature Request - Policy FileServices SMB Security

[aw-pds]

Describe the feature end to end, including deployment scenario details under which the feature would occur.

We are trying to apply the 2 policies

Deny-FileServices-InsecureSmbChannel
Deny-FileServices-InsecureSmbVersions

It appears by MS design, if a storage account is created with maximum compatibility, the values within protocolSettings.smb are null.
Is there a way for these policies to be updated to cater for this situation please?

Why is this feature important. Describe why this would be important for your organization and others. Would this impact similar orgs in the same way?

At present, the policy being applied to our storage accounts is showing deny of AES-128-CCM and AES-128-GCM as compliant, as the policy is unable to read these values due to the platform having them as null.

Please provide the correlation id associated with your error or bug.

xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Can you describe any alternatives that you have taken since this feature does not exist?

If we could have the policy applying the deny correctly, to prevent customers creating insecure file services accounts please

Feature Implementation

Check previous GitHub issues

• I have searched the issues for this item and found no duplicate

Code of Conduct

• I agree to follow this project's Code of Conduct

[oZakari]

Hi @aw-pds, I think this is a valid ask and will transition this to the Enterprise-Scale repo to see if @Springstone can incorporate.

[Springstone]

@aw-pds thanks for reporting. We'll add to the backlog and investigate how we can remediate the issue for the next refresh.
#ab41337