Encrypting Virtual Machine
This is a continuation of the Azure Learning Series. In this section, we will cover encryption of virtual machines. Having said that, let's get started.
- Files in an Azure storage account are encrypted by default using secure storage encryption.
- But the .vhd file you can see in the storage account is not encrypted.
- You can use BitLocker to encrypt a virtual disk within Azure.
- The cryptographic key for this is stored in Azure Key Vault.
- Therefore, the first thing we need to create is a key vault from the Marketplace in Azure.
While creating it, make sure to check the checkbox for virtual machine encryption. I checked all of them here.
We have created our key vault. Keep in mind that in order to encrypt a VM, your key vault and VM should be in the same region. Now, let's go ahead and click on the key link as shown on the left menu.
- You can see above that encryption is not enabled.
- To enable encryption on this disk, we can do it either with the UI or with PowerShell.
- Let's do it with the UI option named Encryption.
- It may get encrypted, or you may get an error. In case you get an error, try the PowerShell script instead.
- For that, I will open the Cloud Shell embedded in the Azure portal itself, as shown below. If you are configuring PowerShell for the first time, you need to mount storage for it as well, as shown below. If
- For quick reference, you can use this doc as well: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-cli-quickstart
- I have modified the command with my key vault and resource group: az vm encryption enable -g "az300" --name "azvmdemo" --disk-encryption-keyvault "rahul-Key-Vault"
- In order to get the confirmation, execute az vm show --name "azvmdemo" -g "az300". This should show "EncryptionOperation": "EnableEncryption" as well.
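The two preconditions above (key vault enabled for disk encryption, key vault and VM in the same region) can be checked before the enable command runs. The script below is an added example, not part of the original post; it assumes the portal checkbox corresponds to the vault's enabledForDiskEncryption property, and the function names preflight and encrypt_vm are made up for this illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight checks before
# `az vm encryption enable`. Resource names are supplied by the caller.

# Normalise a region or boolean string so "East US"/"eastus" and
# "True"/"true" compare equal.
norm() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' '; }

# preflight VM_LOCATION VAULT_LOCATION VAULT_ENABLED_FOR_DISK_ENCRYPTION
# Returns 0 when encryption can proceed, 1 on a region mismatch,
# 2 when the vault is not enabled for disk encryption.
preflight() {
  if [ "$(norm "$1")" != "$(norm "$2")" ]; then
    echo "region mismatch: VM in '$1', key vault in '$2'" >&2
    return 1
  fi
  if [ "$(norm "$3")" != "true" ]; then
    echo "key vault is not enabled for disk encryption" >&2
    return 2
  fi
  return 0
}

# encrypt_vm RESOURCE_GROUP VM_NAME VAULT_NAME
# Reads the live values with the Azure CLI, runs the pre-flight check,
# then enables encryption and prints the resulting status.
encrypt_vm() {
  rg=$1 vm=$2 kv=$3
  vm_loc=$(az vm show -g "$rg" --name "$vm" --query location -o tsv) || return 3
  kv_loc=$(az keyvault show --name "$kv" --query location -o tsv) || return 3
  kv_ok=$(az keyvault show --name "$kv" \
            --query properties.enabledForDiskEncryption -o tsv) || return 3
  preflight "$vm_loc" "$kv_loc" "$kv_ok" || return $?
  az vm encryption enable -g "$rg" --name "$vm" --disk-encryption-keyvault "$kv" &&
    az vm encryption show -g "$rg" --name "$vm"
}

# Run only when called with the three names, e.g.
#   ./encrypt-vm.sh az300 azvmdemo rahul-Key-Vault
if [ "$#" -eq 3 ]; then encrypt_vm "$@"; fi
```

If the second check fails, az keyvault update --name with --enabled-for-disk-encryption true sets the same option from the command line.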
With this, we have completed the VM encryption module.
Thanks,
Rahul Sahay
Happy Coding
Originally published at https://myview.rahulnivi.net on February 7, 2020.