As part of enabling Azure Disk Encryption you will be prompted to connect to or create a new Azure Key Vault. We will go through the process of enabling Azure Encryption and allowing the server access to a Key Vault.
Ensure your VM is powered on. A reboot of the VM will be required after disk encryption. Finally, ensure you have a backup of your server.
OK, let’s go through the process. Below is a screenshot of a 2019 virtual server I built earlier.
Click on the VM and then click Disks in the left-hand pane
Click encryption
If you receive the error below, ensure the virtual server is powered on. I had the VM set to power down every day at 7pm. I forgot to power it back on, but I guess it’s good to demonstrate what you’ll see if the VM was powered down.
Now that the VM is powered on, let’s drop down and encrypt one of the disks. In this demo, I will be encrypting the OS disk.
In the screenshot below you’ll be prompted for Key Vault details. Click ‘Select a key vault and key for encryption’
Select your Key Vault and click select
If the key vault has not been enabled for disk encryption, you will receive the message below and be prompted to enable the key vault for disk encryption. Click the button labelled ‘Enable key vault for disk encryption’ and click Save
Note: Clicking the ‘Enable key vault for disk encryption’ button above enables a policy within your key vault. To locate the policy, click Key vaults or search from the search menu, locate and click your key vault, then click Access policies in the left-hand pane. The option ‘Azure Disk Encryption for volume encryption’ is enabled as shown in the screenshot below. You could also enable this manually.
Click Yes to confirm the disk encryption process
Reboot the server when encryption has completed.
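The two prerequisites this walkthrough trips over (VM powered on, key vault enabled for disk encryption) can be checked before opening the portal. The script below is an added example, not part of the original post: it inspects JSON as returned by `az vm get-instance-view` and `az keyvault show`, and the VM name, vault name and sample data are constructed.

```python
import json

# Constructed, trimmed sample of `az vm get-instance-view` output (hypothetical VM).
SAMPLE_VM = json.loads("""
{"name": "demo-2019-vm",
 "instanceView": {"statuses": [
   {"code": "ProvisioningState/succeeded"},
   {"code": "PowerState/deallocated"}]}}
""")

# Constructed, trimmed sample of `az keyvault show` output (hypothetical vault).
SAMPLE_VAULT = json.loads("""
{"name": "demo-kv",
 "properties": {"enabledForDiskEncryption": null}}
""")


def power_state(vm):
    """Return the VM power state ('running', 'deallocated', ...) or 'unknown'."""
    statuses = (vm.get("instanceView") or {}).get("statuses") or []
    for status in statuses:
        code = status.get("code", "")
        if code.startswith("PowerState/"):
            return code.split("/", 1)[1]
    return "unknown"  # instance view missing or no power status reported


def preflight(vm, vault):
    """List the problems that would block enabling disk encryption."""
    problems = []
    state = power_state(vm)
    if state != "running":
        problems.append(
            f"VM {vm.get('name')} is {state}; power it on before encrypting")
    # The portal button 'Enable key vault for disk encryption' sets this flag;
    # an unset flag can appear as null or false.
    props = vault.get("properties") or {}
    if props.get("enabledForDiskEncryption") is not True:
        problems.append(
            f"Key vault {vault.get('name')} is not enabled for disk encryption")
    return problems


if __name__ == "__main__":
    for line in preflight(SAMPLE_VM, SAMPLE_VAULT) or ["Ready to encrypt"]:
        print(line)
```

To run it against a real environment, replace the samples with the parsed output of the two `az` commands for your VM and vault.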