azsk · Omkar-Mohite96 · Apr 21, 2025 · Apr 23, 2025 · Apr 25, 2025 · Apr 30, 2025
diff --git a/Scripts/RemediationScripts/ControlRemediationSpecification.json b/Scripts/RemediationScripts/ControlRemediationSpecification.json
@@ -568,6 +568,17 @@
                     "SubscriptionId"
                 ]
             }
+        },
+        {
+            "ControlId": "Azure_VirtualMachineScaleSet_DP_Enable_Encryption_At_Host",
+            "EnableRemediation": "true",
+            "RemediationScriptUrl": "https://raw.githubusercontent.com/azsk/AzTS-docs/main/Scripts/RemediationScripts/Remediate-EnableEncrytionAtHostForVMSS.ps1",
+            "LoadCommand": "Remediate-EnableEncrytionAtHostForVMSS.ps1",
+            "InitCommand": "Enable-EncrytionAtHost",
+            "RollbackMetadata": {
+                "RollbackCommand": "Disable-EncrytionAtHost",
+                "Arguments": ["SubscriptionId", "Path"]
+            }
         }
     ]
 }
diff --git a/Scripts/RemediationScripts/ControlsEligibleForRemediationThroughUI.md b/Scripts/RemediationScripts/ControlsEligibleForRemediationThroughUI.md
@@ -87,6 +87,8 @@
 
 43. [Azure_AISearch_AuthN_Use_Managed_Service_Identity](ControlsEligibleForRemediationThroughUI.md#43-Azure_AISearch_AuthN_Use_Managed_Service_Identity)
 
+43. [Azure_AISearch_AuthN_Use_Managed_Service_Identity](ControlsEligibleForRemediationThroughUI.md#43-Azure_VirtualMachineScaleSet_DP_Enable_Encryption_At_Host)
+
 <br />
 ___
 
@@ -648,3 +650,14 @@ Managed Service Identity (MSI) must be used in Azure AI Search
 Contributor or higher privileged role on Subscription.
 ___
 
+## 44. Azure_VirtualMachineScaleSet_DP_Enable_Encryption_At_Host
+
+### Display Name
+Encryption at Host must be enabled for Virtual machine scale sets and underlying Virtual machines in flexible orchestration mode.
+
+### Link to Bulk Remediation Script (BRS)
+[Remediate-EnableEncrytionAtHostForVMSS.ps1](Remediate-EnableEncrytionAtHostForVMSS.ps1)
+
+### Minimum permissions required to run the script
+Contributor or higher privileged role on Subscription.
+___
diff --git a/Scripts/RemediationScripts/Readme.md b/Scripts/RemediationScripts/Readme.md
@@ -1555,6 +1555,25 @@ Yes
 ### Supports rollback?
 Yes
 
+___
+
+## 76. Azure_VirtualMachineScaleSet_DP_Enable_Encryption_At_Host
+
+### Display Name
+This script is used to Enable Encryption at Host for Virtual machine scale sets and underlying Virtual machines in flexible orchestration mode.
+
+### Link to Bulk Remediation Script (BRS)
+[Enable-EncrytionAtHost](Remediate-EnableEncrytionAtHostForVMSS.ps1)
+
+### Minimum permissions required to run the script
+Contributor or higher privileged role on Subscription.
+
+### [Supports managed identity](Readme.md#supports-managed-identity-based-remediations) based remediation
+Yes
+
+### Supports rollback?
+Yes
+
 ---
 ## Supports managed identity based remediations
 Both System assigned and User assigned managed identities are supported.