Can anyone give me more detailed information on Encryption at host for Virtual Machines in Azure?

Sumedh Patil 20 Reputation points
2023-06-30T07:37:10.6466667+00:00

Hi,

Currently there is a recommendation from Defender for Cloud in Microsoft Azure to enable encryption at host for Linux virtual machines. I want to implement that, so what is the process for implementing this feature in a virtual machine? Please let me know what the business impacts of this will be. Will it affect the performance of virtual machines? I need detailed information on this.


Accepted answer
  1. TP 80,586 Reputation points
    2023-06-30T07:51:59.9566667+00:00

    Hi Sumedh,

    No negative performance impact. The advantage is that the temporary disk and cache are encrypted in addition to the OS and data disks, and data traveling from host to storage is encrypted. Please see the comparison chart below:

    [Image: encryption at host comparison]

    Easy to implement.

    First, register the feature in your subscription, if you haven't already, using the PowerShell command below:

    Register-AzProviderFeature -FeatureName "EncryptionAtHost" -ProviderNamespace "Microsoft.Compute"

    Next, in the portal, deallocate the VM, then navigate to the VM's Disks blade -- Additional settings button, select Yes for Encryption at host, click Save, then start the VM.

    [Image: encryption at host additional settings]

    Screenshot of the disk settings where you need to select Yes:

    [Image: encryption at host enable]

    Please see article below for more detailed information:

    https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-host-based-encryption-portal

    Please click Accept Answer if the above was useful. If you have additional questions or if something I wrote is unclear, add a comment.

    Thanks.

    -TP

    1 person found this answer helpful.
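
The steps from the accepted answer, carried out in Azure PowerShell instead of the portal, as an added example that is not part of the original answer. The resource group and VM names are placeholders, and the script assumes the Az module is installed and `Connect-AzAccount` has already been run against the right subscription.

```powershell
# Added example: placeholder names (assumptions), replace with your own values.
$ResourceGroupName = "<resource-group>"
$VMName            = "<vm-name>"

# 1. Confirm the subscription feature is registered before touching the VM.
#    Registration is asynchronous, so the state can be "Registering" for a while.
$feature = Get-AzProviderFeature -FeatureName "EncryptionAtHost" `
                                 -ProviderNamespace "Microsoft.Compute"
if ($feature.RegistrationState -ne "Registered") {
    throw "EncryptionAtHost is '$($feature.RegistrationState)'. Wait for 'Registered' and retry."
}

# 2. Deallocate the VM. Stop-AzVM deallocates unless -StayProvisioned is given.
#    This is the downtime window to plan for.
$vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName
Stop-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName -Force | Out-Null

# 3. Turn on encryption at host (same setting as "Yes" in the portal's
#    Disks > Additional settings).
Update-AzVM -VM $vm -ResourceGroupName $ResourceGroupName -EncryptionAtHost $true | Out-Null

# 4. Start the VM again.
Start-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName | Out-Null

# 5. Re-read the VM model and verify that the setting is applied.
$vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName
if ($vm.SecurityProfile.EncryptionAtHost -ne $true) {
    throw "Encryption at host is not enabled on $VMName."
}
Write-Output "Encryption at host is enabled on $VMName."
```

If step 3 fails, the VM is left deallocated, so check its power state before retrying.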
