This is my scenerio
I have a VM that is encrypted. I remove the encryption from the drives and remove the encryption extension.
I then need later want to restore the VM from a time when it was still encrypted. The restore prompts me that the drive was encrypted and I can only restore the disk which is as expected. I do that and the disk is restored. The next step is to deploy the template. On the restore page the Encryption Info Blob Name is there and if i check the json it points to with storage explorer, i can see it has all the details needed to get the wrapped bek from the key vault.
If i then deploy the template a restore the VM. The VM will not boot. The disk doesnt show ADE, it appears the restored VM doesnt know the disk is encrypted and doesnt try to go a fetch the key from the vault.
I can go through a lengthy process of adding the drives to a recovery VM, recovery the BEK file, unencrypting the drive and then creating a new VM but this takes a long time with large drives
Just to note if i do the same process with an encrypted VM that was never unencrypted, it restores fine. The problem only arises if I have unencrypted a VM first and then later want to restore the VM from a point in time when it was still encrypted.
Also to be clear the keyvault with the wrapped bek is available