Enabling Azure Disk Encryption (ADE) is essential to secure your virtual machines (VMs) in Azure. This article will walk you through all the approaches to achieving this task.
Let us dive deep into those approaches individually.
Approach-1: Using Azure Portal
To enable Azure Disk Encryption, follow the steps below:
1. Log in to the Azure Portal.
2. Search for Virtual Machines and click the Virtual Machines search result.

3. On the Virtual Machine page, click the Disks link in the left navigation and then click the Additional settings option.

FYI, the default encryption was SSE with PMK, as shown in the screenshot below.

4. On the Disk settings window, provide the below details.
- Disks to encrypt: Choose OS and data disks or only OS disk based on your requirements.
- Key vault: You can select your existing key vault or click on the Create a new link to create a new one, which I did.
- Key: You can select an existing key or click on the Create new link to create a new one.
- Version: Select the default version, which will be created.

To create the new key vault, provide the below details
- Subscription: Select the subscription that you wish to use here.
- Resource group: You can select an existing Resource Group or click on the Create new link to create a new one.
- Key vault name: Enter a unique name for the key vault.
- Region: Select the location or region.
- Pricing tier: Select the pricing tier based on your requirements.
- Days to retain deleted vaults: Specify the required days.
Now click on the Next button.

On the Access configuration tab,
Choose Azure role-based access control (recommended) and ensure you select all three options under the Resource Access option, as highlighted below.
Then click the Review + Create button and the Create button on the next window.

To create a new key, provide the below details
- Name: Provide a unique name for the key.
- Key type: Select the key type.
- RSA key size: Select the size based on the requirement.
- Enabled: Select this option.
Finally, click on the Create button, as shown in the screenshot below.

5. Finally, on the Disk settings window, click the Save button as shown in the screenshot below.

You can click on the Go to Resource button to see the resource.

Now, navigate to the Azure Virtual machine and click on the Disks link. You can see that Encryption is set to “SSE with PMK & ADE.”

Approach-2: Using PowerShell
You can execute the PowerShell script below to encrypt the OS disk in your Azure VM.
$myRGName = 'NEWRESGROUP'
$myvmName = 'AzureLessonsVM'
$myKVName = 'AzureLessonskyv'
# Look up the key vault that will store the disk encryption secret
$myKeyVault = Get-AzKeyVault -VaultName $myKVName -ResourceGroupName $myRGName
$myKeyVaultUrl = $myKeyVault.VaultUri
$myKVResourceId = $myKeyVault.ResourceId
# Enable Azure Disk Encryption on the OS volume only
Set-AzVMDiskEncryptionExtension `
    -ResourceGroupName $myRGName `
    -VMName $myvmName `
    -DiskEncryptionKeyVaultUrl $myKeyVaultUrl `
    -DiskEncryptionKeyVaultId $myKVResourceId `
    -VolumeType OS

After executing the above command, click on the Yes button on the pop-up below.

The script executed successfully. Check out the screenshot below.
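
A check to run around the command above, added here as an example and not part of the original script: it confirms that the key vault has disk encryption access enabled (the Resource Access setting chosen in Approach-1) and sits in the same region as the VM, then reads back the encryption status. Test-AdePrerequisite is a hypothetical helper name; the resource names are the ones used above, and an authenticated Az session is assumed.

```powershell
# Added example: pre-flight and post-run checks for Azure Disk Encryption.
# Assumes the Az module is installed and Connect-AzAccount has been run.
$myRGName = 'NEWRESGROUP'
$myvmName = 'AzureLessonsVM'
$myKVName = 'AzureLessonskyv'

function Test-AdePrerequisite {
    # Hypothetical helper: returns a list of problems (empty when the vault is usable).
    param($Vault, $Vm)
    $problems = @()
    # The vault must allow Azure Disk Encryption to retrieve secrets and unwrap keys.
    if (-not $Vault.EnabledForDiskEncryption) {
        $problems += "Key vault '$($Vault.VaultName)' is not enabled for disk encryption."
    }
    # ADE requires the key vault and the VM to be in the same region.
    # Strip spaces so 'East US' and 'eastus' compare equal (-ne ignores case).
    $vaultRegion = $Vault.Location -replace '\s', ''
    $vmRegion    = $Vm.Location -replace '\s', ''
    if ($vaultRegion -ne $vmRegion) {
        $problems += "Key vault region '$vaultRegion' differs from VM region '$vmRegion'."
    }
    return ,$problems
}

# Pre-flight: stop before touching the VM if the vault cannot be used.
$vault = Get-AzKeyVault -VaultName $myKVName -ResourceGroupName $myRGName
$vm    = Get-AzVM -ResourceGroupName $myRGName -Name $myvmName
$problems = Test-AdePrerequisite -Vault $vault -Vm $vm
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Fix the key vault configuration before enabling disk encryption.'
}

# ... run Set-AzVMDiskEncryptionExtension here, as in the script above ...

# Post-run: confirm the OS volume actually reports as encrypted.
$status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $myRGName -VMName $myvmName
if ($status.OsVolumeEncrypted -ne 'Encrypted') {
    throw "OS volume state is '$($status.OsVolumeEncrypted)': $($status.ProgressMessage)"
}
"OS volume: $($status.OsVolumeEncrypted); data volumes: $($status.DataVolumesEncrypted)"
```

Because the script in Approach-2 encrypts only the OS volume, the data volumes are expected to remain unencrypted in the final line of output.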


I am Rajkishore, and I am a Microsoft Certified IT Consultant. I have over 14 years of experience in Microsoft Azure and AWS, with good experience in Azure Functions, Storage, Virtual Machines, Logic Apps, PowerShell Commands, CLI Commands, Machine Learning, AI, Azure Cognitive Services, DevOps, etc. Not only that, I do have good real-time experience in designing and developing cloud-native data integrations on Azure or AWS, etc. I hope you will learn from these practical Azure tutorials.
