How to configure Azure Disk Encryption on a VM with Keyvault using Private link?

Ramisetty, Pratap 1 Reputation point
2020-11-17T12:39:43.933+00:00

Hi All

We are using Azure Disk Encryption on Azure, where the encryption keys are stored in Key Vault. We are planning to use Private Link for our Key Vault and have the questions below:

1) Does ADE support Key Vault with Private Link?
2) Is it possible to deploy ADE on a VM automatically using Azure Policy with a Private Link-enabled Key Vault?

Regards
Pratap


1 answer

  1. Sumarigo-MSFT 44,336 Reputation points Microsoft Employee
    2020-11-19T05:39:24.507+00:00

    @Ramisetty, Pratap Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

    1) No
    2) To deploy via policy I would suggest setting up an isolated (non-private-link-service) key vault for disk encryption in the same location and region as the target VM, and if the deployment included other resources using Private Link Service it could do that as well in that separate context.

    Based on my understanding of Private Link Service (https://learn.microsoft.com/en-us/azure/key-vault/general/private-link-service) it introduces some new network restrictions to key vault access and is not a scenario we include in our daily test automation and validation. Azure Backup and Azure Site Recovery, common features used in conjunction with Azure Disk Encryption, and that also have integration points with a key vault for the ADE scenario, are likely similar.

    As part of Azure Disk Encryption, the host retrieves keys from the key vault and needs to be able to access the key vault endpoint. If the key vault restricts access to a private network or requires outsiders to approve connection requests, that will likely break ADE and partner team solutions.

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please don't forget to "Accept the answer" and "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.

    1 person found this answer helpful.
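An added pre-flight check that applies the point made in the answer above; it is not part of the original thread and is not Microsoft's code. It reads the JSON that `az keyvault show` returns and reports the vault settings that restrict network access before `az vm encryption enable` is attempted, so a policy-driven rollout can skip vaults the VM host would not be able to reach. The property names are the Key Vault resource properties; the sample vault document is constructed.

```python
import json

# Constructed sample: the shape `az keyvault show` returns for a vault that
# sits behind a private endpoint with public access turned off.
SAMPLE_VAULT = json.loads("""{
  "name": "kv-example",
  "properties": {
    "enabledForDiskEncryption": true,
    "publicNetworkAccess": "Disabled",
    "networkAcls": {"defaultAction": "Deny", "bypass": "None",
                    "ipRules": [], "virtualNetworkRules": []},
    "privateEndpointConnections": [
      {"properties": {"privateLinkServiceConnectionState": {"status": "Approved"}}}
    ]
  }
}""")


def ade_preflight(vault):
    """Return the findings that would stop the VM host from reaching the vault
    to fetch ADE keys. An empty list means the vault looks usable for ADE."""
    props = vault.get("properties", {})
    findings = []
    # ADE refuses a vault that is not flagged for disk encryption at all.
    if not props.get("enabledForDiskEncryption", False):
        findings.append("enabledForDiskEncryption is false: ADE cannot use this vault")
    # Newer vaults carry an explicit public-access switch; Disabled means
    # the public endpoint the host talks to is closed.
    if props.get("publicNetworkAccess", "Enabled").lower() == "disabled":
        findings.append("publicNetworkAccess is Disabled: host cannot reach the vault endpoint")
    # A firewalled vault (default action Deny) restricts access to the
    # listed networks only; record the bypass setting for the operator.
    acls = props.get("networkAcls") or {}
    if acls.get("defaultAction", "Allow").lower() == "deny":
        bypass = acls.get("bypass", "None")
        findings.append("networkAcls.defaultAction is Deny (bypass=%s): vault is firewalled" % bypass)
    # Any private endpoint connection means the vault is a Private Link
    # scenario, which the answer states ADE does not support.
    if props.get("privateEndpointConnections"):
        findings.append("vault has private endpoint connections: Private Link is not supported by ADE")
    return findings


if __name__ == "__main__":
    for finding in ade_preflight(SAMPLE_VAULT):
        print("BLOCKER:", finding)
```

Feed it the output of `az keyvault show -n <vault> -g <group>` and treat any finding as a reason not to target that vault from the encryption policy.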