How to enable Azure VM Disk Encryption

Reading Time: 3 minutes

As part of enabling Azure Disk Encryption you will be prompted to connect to or create a new Azure Key Vault. We will go through the process of enabling Azure Encryption and allowing the server access to a Key Vault.

Ensure your VM is powered on. A reboot of the VM will be required after disk encryption. Finally, ensure you have a back up of your server.

ok, let’s go through the process. Below is a screenshot of a 2019 virtual server I built earlier

Click on the VM and then click disks located on the left hand pane

Click encryption

If you receive the error below, ensure the virtual server is powered on. I had the VM set to power down every day at 7pm. Forgot to power it back on but I guess it’s good to demonstrate what you’ll see if the VM was powered down
Now that the VM is powered on, lets drop down and encrypt one of the disks. In this demo, I will be encrypting the OS disk

In the screenshot below you’ll be prompted for Key Vault details. Click ‘Select a key vault and key for encryption’

Select your Key Vault and click select

If the key vault has not been enabled for disk encryption, you will receive the message below and prompted to enable key vault for disk encryption. Click the button labelled ‘Enable key vault for disk encryption’ and click save

Note: Clicking the ‘Enable key vault for disk encryption’ button above will enable a policy within your key vault. To locate the policy, click key vaults or search from the search menu, locate and click your key vault, click access policies within the left hand pane. The option ‘Azure Disk Encryption for volume encryption’ is enabled as shown in the screenshot below. You could also enable this manually.

Click yes to confirm disk encryption process

Reboot the server when encryption has completed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.