Azure Disk Encryption Set pattern-based discovery

  • Release version: Xanadu
  • Updated June 16, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Azure Disk Encryption Set pattern-based discovery

    The Azure Disk Encryption Set pattern enables ServiceNow customers to discover and map Azure Disk Encryption Sets within their cloud environments using the Discovery and Service Mapping Patterns application. This pattern-based discovery facilitates the population of detailed data into both CMDB and non-CMDB tables, helping you maintain accurate asset and configuration records for Azure encryption resources.

    Show full answer Show less

    To use this capability effectively, customers must ensure Microsoft Azure discovery prerequisites are met and activate the relevant pattern, which is disabled by default. The pattern supports discovery of Azure GovCloud (US) accounts through specific configuration of the Azure service account with a datacenter URL.

    Configuration and Activation

    • Prerequisites: Verify Azure discovery prerequisites as detailed in the Microsoft Azure Cloud components discovery documentation.
    • Pattern Activation: Starting with Visibility Content version 6.28.0, enabling or disabling the pattern is streamlined and does not count as customization, allowing for automatic updates and resetting to the latest version after upgrades.
    • Discovery Schedule: Configure schedules to support Azure GovCloud by specifying the appropriate datacenter URL during service account setup.

    Data Management and Tables

    The discovery pattern populates two types of tables:

    • Non-CMDB Tables: The Azure - Disk Encryption Set - Extended Inventory (LP) pattern populates non-CMDB tables accessible via All > Configuration > Azure or by searching the pattern name. Key fields include encryption type, identity type (e.g., SystemAssigned, UserAssigned), key URL, location, object ID, provisioning state, resource group, tenant ID, and references to the Cloud Resource table.
    • CMDB Tables: Data is also populated in the Cloud Resource [cmdbcicmpresource] table with fields such as install status, location, name, object ID, operational status, and resource type (set to microsoft.compute/diskencryptionsets).

    CI Relationships

    The pattern establishes key relationships to maintain configuration integrity:

    • Resource Group contains the Cloud Resource.
    • Cloud Resource is hosted on Azure Datacenter.
    • Azure Disk Encryption Set references the Cloud Resource record.

    Azure Tag Discovery

    The pattern collects Azure tags associated with the Disk Encryption Set and stores them in the Key Value [cmdbkeyvalue] table, capturing tag names and values to enhance resource metadata and filtering capabilities.

    Practical Benefits

    By implementing this pattern-based discovery, ServiceNow customers can automate accurate tracking and reporting of Azure Disk Encryption Sets, improve security posture visibility, and maintain up-to-date CMDB data to support IT operations and compliance initiatives.

    Discovery and Service Mapping Patterns finds Azure services on your cloud environment. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Pattern-based discovery and mapping requirements

    Verify the Microsoft Azure discovery prerequisites
    For more information, see the prerequisites section in Microsoft Azure Cloud components discovery using patterns.
    Enable the relevant pattern
    The pattern for this service is disabled by default. Starting with Visibility Content version 6.28.0, activating or deactivating a pattern won't be considered a customization, and it will continue to receive updates. Patterns that were previously activated or deactivated will reset to the latest predefined version after upgrading while retaining the last active field value. For more information on enabling patterns, see Activate a disabled pattern.
    Configure the Discovery schedule to support GovCloud
    Discovering Azure GovCloud (US) accounts requires using a datacenter URL when setting up an Azure service account. For more information, see Set up Azure service accounts.

    Discovery and Service Mapping Patterns application populates data in both CMDB and non-CMDB tables.

    Data stored in non-CMDB tables

    Discovery and Service Mapping Patterns application populates data in the non-CMDB table when running the Azure - Disk Encryption Set - Extended Inventory(LP) pattern.

    You can review the non-CMDB Azure tables by navigating to All > Configuration > Azure. You can also search the navigation filter for the specific pattern name.

    Table 1. Azure Disk Encryption Set [cmdb_azure_disk_encryption_set_disk_encryption_set]
    Field Description
    Encryption Type [encryption_type] The method used to encrypt the resource data.
    Identity type [identity_type] The classification of the identity assigned to the resource. For example: SystemAssigned or UserAssigned.
    Key Url [key_url] The URL where the encryption key is stored or accessible.
    Location [location] The geographic region where the resource is deployed.
    Object Id [object_id] The unique identifier of the resource.
    Provisioning State [provisioning_state] The current status of the resource provisioning process.
    Resource Group [resource_group] Name of the resource group.
    Tenant Id [tenant_id] The identifier for the tenant that owns the resource.
    Configuration Item [configuration_item] References the Cloud Resource [cmdb_ci_cmp_resource] table.

    Data stored in CMDB tables

    Discovery and Service Mapping Patterns application populates data in the CMDB when running the Azure - Disk Encryption Set - Extended Inventory(LP) pattern.

    Table 2. Cloud Resource [cmdb_ci_cmp_resource]
    Field Description
    Install Status [install_status] Install status of the resource. Default value is Installed.
    Location [location] The geographic region where the resource is deployed.
    Name [name] The name of the resource.
    Object ID [object_id] The unique identifier of the resource.
    Operational status [operational_status] Operational status of the resource. Default value is Operational.
    Resource type [resource_type] Type of resource. The value is set to microsoft.compute/diskencryptionsets.

    CI relationships

    The pattern creates these relationships to support discovery.

    CI Relationship CI
    Resource Group [cmdb_ci_resource_group] Contains::Contained by Cloud Resource [cmdb_ci_cmp_resource]
    Cloud Resource [cmdb_ci_cmp_resource] Hosted on::Hosts Azure Datacenter [cmdb_ci_azure_datacenter]
    Azure Disk Encryption Set [cmdb_azure_disk_encryption_set_disk_encryption_set] References Cloud Resource [cmdb_ci_cmp_resource]

    Azure tag discovery

    The pattern collects tags and populates them in the Key Value [cmdb_key_value] table.
    Table 3. Key Value [cmdb_key_value]
    Field Description
    Key [key] Tag name.
    Value [value] Tag value.