Dana Epp

How to encrypt your VM disks in Azure

If you are running infrastructure in Azure, you really should be taking advantage of Azure Disk Encryption. It leverages BitLocker for Windows machines and dm-crypt for Linux machines to provide full disk encryption of your cloud workloads, with the encryption keys managed securely in Azure Key Vault.

Details on how to enable Azure Disk Encryption can be found here.

As a summary though, you basically:

  • Obtain and run the Azure disk encryption prerequisites configuration script

  • Run the Azure disk encryption prerequisites PowerShell command

  • Encrypt the Azure virtual machine

  • Profit!

In the end, if you have the prereqs, it's really nothing more than calling the Set-AzureRmVMDiskEncryptionExtension PowerShell cmdlet.

Crazy eh? Why WOULDN'T you just do this on all your VMs?

Oh... I know why. It's a bit trickier if you plan to use this with Azure Backup & Recovery. In that case, you need to use Key Encryption Keys. You can find more information on how to do that here.
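As an added example (not code from the original post or from Microsoft's script), here is what the Set-AzureRmVMDiskEncryptionExtension call looks like with a Key Encryption Key supplied, followed by a status check. It assumes a Windows VM, that the prerequisites step has already produced a Key Vault and an Azure AD application, and that every name, the client ID and the `ADE_AAD_CLIENT_SECRET` environment variable are placeholders.

```powershell
# Added example. All names below are placeholders, not values from the original post.
$rgName    = 'example-rg'     # placeholder resource group
$vmName    = 'example-vm'     # placeholder VM name
$vaultName = 'example-kv'     # placeholder Key Vault, in the same region as the VM
$kekName   = 'example-kek'    # placeholder Key Encryption Key name

# Assumption: an Azure AD application exists from the prerequisites step.
$aadClientId     = '<aad-app-client-id>'       # placeholder
$aadClientSecret = $env:ADE_AAD_CLIENT_SECRET  # hypothetical env var; keeps the secret out of the script

# The vault has to be enabled for disk encryption before the platform can use it.
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -ResourceGroupName $rgName `
    -EnabledForDiskEncryption

$vault = Get-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $rgName

# Create the KEK that wraps the disk encryption secret stored in the vault.
$kek = Add-AzureKeyVaultKey -VaultName $vaultName -Name $kekName -Destination 'Software'

# Without the two -KeyEncryptionKey* parameters this is the plain call;
# with them, the disk encryption secret is wrapped by the KEK.
Set-AzureRmVMDiskEncryptionExtension `
    -ResourceGroupName $rgName -VMName $vmName `
    -AadClientID $aadClientId -AadClientSecret $aadClientSecret `
    -DiskEncryptionKeyVaultUrl $vault.VaultUri `
    -DiskEncryptionKeyVaultId $vault.ResourceId `
    -KeyEncryptionKeyUrl $kek.Key.Kid `
    -KeyEncryptionKeyVaultId $vault.ResourceId `
    -VolumeType 'All'

# Confirm the result instead of assuming the extension succeeded.
$status = Get-AzureRmVmDiskEncryptionStatus -ResourceGroupName $rgName -VMName $vmName
if ("$($status.OsVolumeEncrypted)" -ne 'Encrypted') {
    throw "OS volume on $vmName is not encrypted: $($status.OsVolumeEncrypted)"
}
"OS volume: $($status.OsVolumeEncrypted); data volumes: $($status.DataVolumesEncrypted)"
```

The cmdlet asks for confirmation and may reboot the VM, so run it in a maintenance window.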

Stay safe. Encrypt the bits!