Recently, I was tasked with getting our Azure VMs encrypted. On traditional Windows, enabling BitLocker isn’t much of a challenge. It’s fairly easy and pain-free. I wish I could say the same about Azure Disk Encryption. After going through some hassles, I’ve recompiled documentation that actually works and should help you get disk encryption rolling.
There are a few things that need to be done in your environment first, such as setting up a Key Vault. There is no way to create a Key Vault using the web interface; it all must be done via PowerShell.
- Azure CLI

You can install this module using the following:
Windows MSI Installer:
If you’re on macOS, you can install the modules through Homebrew:
brew update && brew install azure-cli
Once you have the modules installed, you’ll need to open a PowerShell terminal and run the following to log in:
It’s important to note that you need to be an owner of the subscription. If you’re not, you’re going to run into issues with the prerequisites script.
Now you’re ready to run the prerequisites script. You can download this script directly from here as it is verified working as of January 2019.
Run this script and follow the prompts. When you are asked to save the Key Vault details, make sure you save them to Notepad so you have them when you start encrypting.
The prerequisites script only needs to be run once. You can either modify the script to include the VMs to encrypt, or you can do them individually.
To encrypt a VM, simply run:
You will need to copy in the Key Vault details from the prerequisites script.
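As an added example (not the prerequisites script or any code from the original post), here is a PowerShell sequence that does the per-VM part of the procedure described above: log in, pull the Key Vault URL and resource ID (the details the prerequisites script asks you to save), enable disk encryption on one VM, and then verify the encryption status. It uses the Az module cmdlets (Connect-AzAccount, Get-AzKeyVault, Set-AzKeyVaultAccessPolicy, Set-AzVMDiskEncryptionExtension, Get-AzVMDiskEncryptionStatus); the resource group, vault and VM names are placeholders to replace with your own.

```powershell
# Added example: encrypt a single Azure VM with Azure Disk Encryption.
# Placeholder names (assumptions, not from the original post):
$ResourceGroup = 'rg-encryption-demo'
$VaultName     = 'kv-encryption-demo'
$VMName        = 'vm-to-encrypt'

# Log in; the account must be an Owner on the subscription, as noted above.
Connect-AzAccount | Out-Null

# Retrieve the Key Vault details that the prerequisites script asks you to save.
$vault = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroup
if (-not $vault) { throw "Key Vault '$VaultName' not found in '$ResourceGroup'." }

# Azure Disk Encryption needs the vault enabled for disk encryption; setting it
# again is harmless if the prerequisites script already did so.
Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ResourceGroupName $ResourceGroup `
    -EnabledForDiskEncryption

# Enable encryption on the VM for all volumes (OS and data disks).
# -Force suppresses the prompt that warns the VM will be rebooted.
Set-AzVMDiskEncryptionExtension -ResourceGroupName $ResourceGroup -VMName $VMName `
    -DiskEncryptionKeyVaultUrl $vault.VaultUri `
    -DiskEncryptionKeyVaultId  $vault.ResourceId `
    -VolumeType 'All' -Force

# Verify: a defender wants evidence the OS disk actually reports Encrypted,
# not just that the extension was deployed.
$status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $ResourceGroup -VMName $VMName
"{0}: OS disk = {1}, data disks = {2}" -f $VMName, $status.OsVolumeEncrypted, $status.DataVolumesEncrypted
if ($status.OsVolumeEncrypted -ne 'Encrypted') {
    Write-Warning "OS disk of $VMName is not yet encrypted; check the VM's extension logs."
}
```

To encrypt several VMs, put the Set-AzVMDiskEncryptionExtension and verification steps in a loop over a list of VM names; the Key Vault lookup only needs to happen once per run. Keep the status check in whatever automation you build, because the cmdlet can return before BitLocker has finished encrypting the volume.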