@dazfuller
Last active January 12, 2017 10:51
<#
.DESCRIPTION
    A runbook which finds storage accounts without encryption services enabled and
    enables them
.NOTES
    AUTHOR: @dazfuller
    LASTEDIT: Jan 11, 2017
#>
workflow EnableStorageAccountEncryption
{
    # Name of the Automation connection asset holding the Run As service principal
    $connectionName = "AzureRunAsConnection"

    try
    {
        # Authenticate with the service principal's certificate
        $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName

        "Logging into Azure..."
        Login-AzureRmAccount `
            -ServicePrincipal `
            -TenantId $servicePrincipalConnection.TenantId `
            -ApplicationId $servicePrincipalConnection.ApplicationId `
            -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
    }
    catch
    {
        if (!$servicePrincipalConnection)
        {
            # The connection asset could not be read
            $errorMessage = "Connection $connectionName not found."
            throw $errorMessage
        }
        else
        {
            # The connection exists but the login failed
            Write-Error -Message $_.Exception
            throw $_.Exception
        }
    }

    # Get resource groups
    $resourceGroups = Get-AzureRmResourceGroup

    # Resource groups are processed in parallel, the accounts within each one sequentially
    ForEach -Parallel ($resourceGroup in $resourceGroups)
    {
        # Get storage accounts for the resource group
        $storageAccounts = Get-AzureRmStorageAccount -ResourceGroupName $resourceGroup.ResourceGroupName

        ForEach ($storageAccount in $storageAccounts)
        {
            # If the storage account does not have encryption services enabled then enable them.
            # Only accounts with no Encryption settings at all match this test.
            if ($storageAccount.Encryption -eq $null)
            {
                Write-Output "Enabling encryption services for $($storageAccount.Id)"
                Set-AzureRmStorageAccount -Name $storageAccount.StorageAccountName -ResourceGroupName $resourceGroup.ResourceGroupName -EnableEncryptionService Blob
            }
        }
    }
}