Friday, April 26

Recently, I was tasked with getting our Azure VMs encrypted. On traditional Windows, enabling BitLocker isn’t much of a challenge. It’s fairly easy and pain-free. I wish I could say the same about Azure Disk Encryption. After going through some hassles, I’ve recompiled documentation that actually works and should help you get disk encryption rolling.

Azure Prerequisites

There are a few things that need to be done in your environment first, such as setting up a key vault. There is no way to create a key vault using the web interface; it all must be done via PowerShell.

Required modules:

  • Azure CLI

You can install this module using the following:

Windows MSI Installer:

If you’re on macOS, you can install the modules through Homebrew:

brew update && brew install azure-cli

 

Once you have the modules installed, you’ll need to open a PowerShell terminal and run the following to log in:

Connect-AzureRmAccount

It’s important to note that you need to be an owner of the subscription. If you’re not, you’re going to run into issues with the prerequisites script.

Now you’re ready to run the prerequisites script. You can download this script directly from here as it is verified working as of January 2019.

Run this script and follow the prompts. When you are asked to save the KeyVault details, make sure you save them to Notepad so you have them when you start encrypting.

The prerequisite script only needs to be run once. You can either modify the script to include VMs to encrypt, or you can do them individually.

Encrypting

To encrypt a VM, simply run:

Set-AzureRmVmDiskEncryptionExtension

You will need to copy in the KeyVault details from the prerequisite script.
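A fuller version of the encryption step, as an added example that is not part of the original post or of the prerequisites script: it checks the vault before encrypting and confirms the result afterwards. The resource group, VM and vault names are placeholders, and it assumes the vault sits in the same resource group as the VM and that the parameter set without an Azure AD application is used.

```powershell
# Added example. All names below are placeholders (assumptions), not values from the post.
$rgName    = 'MyResourceGroup'   # resource group holding the VM (and, here, the vault)
$vmName    = 'MyVM'
$vaultName = 'MyKeyVault'        # vault created by the prerequisites script

# Look up the vault instead of pasting its URL and resource ID by hand.
$vault = Get-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $rgName
if (-not $vault) {
    throw "Key vault '$vaultName' not found in resource group '$rgName'."
}

# The vault's access policy must allow Azure Disk Encryption to read secrets from it.
if (-not $vault.EnabledForDiskEncryption) {
    throw "Key vault '$vaultName' is not enabled for disk encryption."
}

# Azure Disk Encryption requires the vault and the VM to be in the same region.
$vm = Get-AzureRmVM -ResourceGroupName $rgName -Name $vmName -ErrorAction Stop
$vmRegion    = $vm.Location    -replace '\s', ''
$vaultRegion = $vault.Location -replace '\s', ''
if ($vmRegion -ne $vaultRegion) {
    throw "VM is in '$($vm.Location)' but the vault is in '$($vault.Location)'."
}

# If the prerequisites script gave you an Azure AD application ID and secret,
# add AadClientID and AadClientSecret to this table as well.
$encryptParams = @{
    ResourceGroupName         = $rgName
    VMName                    = $vmName
    DiskEncryptionKeyVaultUrl = $vault.VaultUri
    DiskEncryptionKeyVaultId  = $vault.ResourceId
    VolumeType                = 'All'   # OS and data volumes
}

# Prompts for confirmation, because enabling encryption may restart the VM.
Set-AzureRmVMDiskEncryptionExtension @encryptParams

# Confirm the outcome rather than assuming the extension succeeded.
$status = Get-AzureRmVmDiskEncryptionStatus -ResourceGroupName $rgName -VMName $vmName
$status | Format-List OsVolumeEncrypted, DataVolumesEncrypted, ProgressMessage
if ($status.OsVolumeEncrypted -ne 'Encrypted') {
    Write-Warning "OS volume of '$vmName' reports '$($status.OsVolumeEncrypted)'."
}
```

Run it once per VM, or wrap the body in a loop over VM names to do several in one pass.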

That’s it!

About Author

Hi! I'm Travis and I love technology.