This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 96%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hello,
i have some VM's encrypted via RSA HSM key. I want change it, but I receive this error:
"Azure Disk Encryption extension version '1.1 ' without AAD client/secret is not supported on VMs previously encrypted with AAD client/secret. "
How i could solve this issue?
Thanks
@Momo
Currently, there isn't a direct migration path for machines that were encrypted with an Azure AD app to encryption without an Azure AD app. Additionally, there isn't a direct path from encryption without an Azure AD app to encryption with an AD app.
-------------------------------
Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
Two years ago that VM's are encrypted with an RSA HSM key. Now, if i would like to change that key, is it not possible? It's same type.
I received that error because I tried to change via:
Settings > Disks > Additional settings and Click to select a key
There is another method?
Thanks in advance
@Momo Apologies, I think I misunderstood your original question. So you wish to change/rotate your existing key which is used to encrypt the VM disks is that correct? It sounds like you are using customer managed keys with managed disks. Is that correct?
Correct! I apologize: i just got the error after my try but I missed my original scope.
Hello,
i want add another details from Overview and Activity Log:
Linux (centos 7.8.2003)
OpenLogic
V1
Eu West
"type": "AzureDiskEncryptionForLinux",
"typeHandlerVersion": "0.1"
@Momo
Apologies for the delay following up here and the inconvenience this may have caused. To rotate the CMK for your disk please try the following:
Create a new version of the key in your key vault. If you are not sure which is your key vault you can find this on the Disk Encryption Set Key page.
Navigate to your Disk Encryption Set, you can do this by clicking on SSE with CMK from the Disks Settings page.
Under Settings>Key select change key. From here you can select the new key version that you created earlier.
You have now rotated the key and updated the Disk Encryption Set to use the new key.
Let me know if you have issues or further question and I will be happy to help.
-------------------------------
Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
No problem, really :)
What about if I don't have any Disk Encryption Sets?
Another point: my disk is encrypted as SSE with PMK