This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 50%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPD%3C/text%3E%3C/svg%3E)
Hi there - I'm trying to figure out how to search all the disks that have encryption set with ADE and any other type of encryption that is support like CMK.
Thanks
@Parm Dhesi ,Just checking in to see if the below answer helped. If this answers your query, do click "Accept the answer”, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 98%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Hello @Parm Dhesi ,
After looking at the additional settings for those disks (i.e. disk with SSE with PMK & ADE vs SSE with PMK) , the only different which I observed was :
for PMK with ADE - in the properties of the disk you will see diskEncryptionKey attribute
for PMK with SSE - in the properties of the disk there won't be key
Having said that , I was thinking of below modified queries to find out those types of disks
resources | where type == "microsoft.compute/disks"
| extend properties=parse_json(properties)
| where properties.encryption["type"] == "EncryptionAtRestWithPlatformKey"
| where properties.encryptionSettingsCollection["enabled"] == "true"
| project name, properties
Kindly let me know if you have additional questions !
regards,
Shiva.
@shiva patpi Thanks for your updated solution. I'll investigate and see if it works. I appreciate your efforts. P
Hello @Parm Dhesi ,
Can you try out the below steps , see if those helps !
I just tried out locally and below are the results with screen shots. Let me know if that helps or if you have any additional questions !
Go to "Azure Resource Graph Explorer" on the Azure Portal
Below query will give you all the disk details:
resources | where type == "microsoft.compute/disks"
| extend properties=parse_json(properties)
| project name, properties.encryption
////////////////////////
Below query will filter out the search based up on the criteria
resources | where type == "microsoft.compute/disks"
| extend properties=parse_json(properties)
| where properties.encryption["type"] == "EncryptionAtRestWithCustomerKey"
| project name, properties.encryption
Regards,
Shiva.
Thanks for your assistance I was only able to have results with "EncryptionAtRestWithPlatformKey" but I know I have other types of encryption enabled. Please see my attached picture. How can I query "SSE with PMK & ADE" diskes with those values.
@shiva patpi Thanks for your assistance I was only able to have results with "EncryptionAtRestWithPlatformKey" but I know I have another type of encryption enabled. Please see my attached picture. How can I query "SSE with PMK & ADE" diskes for all the VM's.
@shiva patpi were you ever able to determine this?