In this article, we will see how to encrypt the disks of an Azure VM. Encrypting virtual machine disks is now a common compliance requirement, and most organisations use one method or another to protect the data at rest on their servers.
Azure Disk Encryption helps protect your data so that you can meet your organisational security and compliance commitments. It uses the BitLocker feature of Windows and the dm-crypt feature of Linux to encrypt the OS and data disks of the VM. It integrates with Azure Key Vault to help you control and manage the disk-encryption keys and secrets, and it ensures that all data on the VM disks is encrypted at rest in Azure Storage. Keep in mind that this protects the data at rest only: anything running inside the VM still sees the decrypted volumes.
Before you continue with this article, make sure you have one small VM and a basic Azure Key Vault already provisioned in the same region and subscription; Azure Disk Encryption requires the Key Vault to be in the same region and subscription as the VM. I have one Windows VM ready.
Once I connect to the VM, you can see that its disks are not encrypted.
Now we will configure the Azure Key Vault and define its access policy. Go to your Azure Key Vault resource, click on Access Policies and click on the user name.
Here we are going to grant the Encrypt and Decrypt cryptographic operations to that user. Select the user, click on Edit, and tick Encrypt and Decrypt under Cryptographic Operations.
Next, open the Access Configuration option of the Key Vault, enable Azure Disk Encryption for volume encryption and click on Apply. This setting is what allows the Azure platform to retrieve the encryption secrets and unwrap keys from the vault when the VM boots.
Now we will encrypt the VM with the help of the Azure CLI.
The command to encrypt the VM is as follows; replace the placeholders with your own resource group, VM name and Key Vault name:
az vm encryption enable -g <resource-group> -n <vm-name> --disk-encryption-keyvault <key-vault-name>
Once the command has executed successfully, you can see that the disks in the VM now carry a lock icon.
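The portal steps above can also be driven end to end from the Azure CLI. The script below is an added example written for this article, not code from the original, and it is the way I would script the procedure: grant the operator the key and secret permissions, enable the vault for disk encryption, refuse to continue if the VM and vault are in different regions, run the encryption, and then verify the result with az vm encryption show instead of trusting the lock icon. The resource names (my-rg, my-vm, my-keyvault, admin@example.com) are placeholders, and the displayStatus text "Encryption is enabled on disk" is an assumption based on current CLI output, so check it against your own az vm encryption show output.

```shell
#!/usr/bin/env bash
# Added example: the portal procedure from this article as an Azure CLI script.
# Placeholder names; override them in the environment before running.
RG="${RG:-my-rg}"
VM="${VM:-my-vm}"
KV="${KV:-my-keyvault}"
UPN="${UPN:-admin@example.com}"   # the operator who will run the encryption

set -u

# ADE requires the VM and the Key Vault to be in the same region; compare the two location strings.
same_region() {
  [ "$1" = "$2" ]
}

# Reads one displayStatus per line on stdin and succeeds only if every disk reports encryption enabled.
# The status text is an assumption based on current 'az vm encryption show' output.
all_disks_encrypted() {
  local line count=0
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    count=$((count + 1))
    [ "$line" = "Encryption is enabled on disk" ] || return 1
  done
  [ "$count" -gt 0 ]
}

# Portal steps: key/secret permissions for the operator, then "Azure Disk Encryption for volume encryption".
configure_vault() {
  az keyvault set-policy --name "$KV" --upn "$UPN" \
    --key-permissions get list create encrypt decrypt wrapKey unwrapKey \
    --secret-permissions get list set
  az keyvault update --name "$KV" --enabled-for-disk-encryption true
}

# Region check followed by the encryption command from the article (both OS and data disks).
encrypt_vm() {
  local vm_loc kv_loc
  vm_loc=$(az vm show -g "$RG" -n "$VM" --query location -o tsv)
  kv_loc=$(az keyvault show -n "$KV" --query location -o tsv)
  if ! same_region "$vm_loc" "$kv_loc"; then
    echo "VM ($vm_loc) and Key Vault ($kv_loc) must be in the same region" >&2
    return 1
  fi
  az vm encryption enable -g "$RG" -n "$VM" --disk-encryption-keyvault "$KV" --volume-type ALL
}

# Ask Azure for the per-disk status rather than relying on the lock icon in the guest.
verify_vm() {
  az vm encryption show -g "$RG" -n "$VM" --query "disks[].statuses[].displayStatus" -o tsv \
    | all_disks_encrypted
}

# Only act when explicitly asked, so the file can be sourced for its helpers without side effects.
if [ "${RUN_ADE:-0}" = "1" ]; then
  configure_vault && encrypt_vm && verify_vm && echo "All disks on $VM are encrypted"
fi
```

Run it with RUN_ADE=1 RG=... VM=... KV=... UPN=... after az login. The region check is there because az vm encryption enable fails late and unhelpfully when the vault is elsewhere, and the verification step catches the case where only the OS disk was encrypted.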