Changing an existing disk encryption set to double encryption

MrFlinstone 501 Reputation points
2023-11-28T00:00:44.7+00:00

I have got existing Azure disk encryption sets and I was wondering if it is possible to change these to use double encryption, that is, to use a platform-managed key and a customer-managed key. Currently they are set to customer-managed key only.

If it is possible to change, I would like to understand the steps to change the encryption configuration and what the implications are.

Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
Azure Disk Encryption
An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.

Accepted answer
  1. TP 78,271 Reputation points
    2023-11-28T14:42:56.3333333+00:00

    Hi,

    To switch to double encryption you will need to create a new disk encryption set configured with double encryption, grant access to the key vault, stop the VM(s), associate the disk(s) with the new disk encryption set, and start the VM(s).

    Please note double encryption currently isn't supported with Premium SSD v2 or Ultra disks.

    Use the Azure portal to enable double encryption at rest for managed disks

    https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-double-encryption-at-rest-portal

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP
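
The steps in the accepted answer, scripted with the Azure CLI as an added example (not code from the thread or from the linked article, which uses the portal). It assumes a key vault that uses access policies, a new set created in the VM's resource group, and caller-supplied names; it reads each disk's encryption type back and leaves the VM stopped if any disk did not switch.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): move a VM's managed disks to a new
# disk encryption set (DES) that uses double encryption.
DOUBLE="EncryptionAtRestWithPlatformAndCustomerKeys"

# Usage: migrate_to_double_encryption RG VM VAULT KEY_URL NEW_DES_NAME
# All five values are supplied by the caller; none come from the thread.
migrate_to_double_encryption() {
  local rg="$1" vm="$2" vault="$3" key_url="$4" des="$5"
  local vault_id principal des_id disk_ids id actual

  # 1. Create the new DES with the double-encryption type.
  vault_id=$(az keyvault show -n "$vault" --query id -o tsv) || return 1
  az disk-encryption-set create -n "$des" -g "$rg" --key-url "$key_url" \
    --source-vault "$vault_id" --encryption-type "$DOUBLE" >/dev/null || return 1

  # 2. Grant the DES identity key access (assumes the vault uses access
  #    policies; an RBAC-mode vault needs a role assignment instead).
  principal=$(az disk-encryption-set show -n "$des" -g "$rg" \
    --query identity.principalId -o tsv) || return 1
  az keyvault set-policy -n "$vault" --object-id "$principal" \
    --key-permissions wrapkey unwrapkey get >/dev/null || return 1
  des_id=$(az disk-encryption-set show -n "$des" -g "$rg" --query id -o tsv) || return 1

  # 3. Stop the VM (deallocate, so the disks are not in use).
  az vm deallocate -g "$rg" -n "$vm" >/dev/null || return 1

  # 4. Point the OS disk and every data disk at the new DES, then read the
  #    setting back before trusting it.
  disk_ids=$(
    az vm show -g "$rg" -n "$vm" --query storageProfile.osDisk.managedDisk.id -o tsv
    az vm show -g "$rg" -n "$vm" --query 'storageProfile.dataDisks[].managedDisk.id' -o tsv
  ) || return 1
  for id in $disk_ids; do
    az disk update --ids "$id" --disk-encryption-set "$des_id" \
      --encryption-type "$DOUBLE" >/dev/null || return 1
    actual=$(az disk show --ids "$id" --query encryption.type -o tsv)
    if [ "$actual" != "$DOUBLE" ]; then
      echo "disk $id reports '$actual'; VM left stopped" >&2
      return 1
    fi
  done

  # 5. Start the VM only after every disk has been verified.
  az vm start -g "$rg" -n "$vm" >/dev/null
}

if [ "$#" -eq 5 ]; then migrate_to_double_encryption "$@"; fi
```

The old customer-managed-key-only set is left in place, so it can be reviewed and removed separately once no disk references it.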
