Windows VM Data Disk Encrypted with ADE but Encryption Status shows incorrectly in Azure

Libstar 21 Reputation points
2020-07-14T19:59:44.437+00:00

I have applied ADE to my VM, to both the OS Disk and the Data Disk, and the encryption appears to have been applied correctly to both. However, the encryption status is not being picked up correctly by Azure, either in the Portal or by PowerShell command. The OS Disk is correctly shown as encrypted, yet the Data Disk is shown as not encrypted.

12159-encryption1.png

12059-encryption3.png

Is there any way I can get the encryption status to update without having to start over?

Azure Disk Encryption
An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.

Accepted answer
  1. JamesTran-MSFT 36,491 Reputation points Microsoft Employee
    2020-07-14T22:30:01.22+00:00

    @LibbyStainer-3390
    Based off your manage-bde output, it looks like your data disk isn't being recognized since it's not in the output.

    Troubleshooting steps:
    1. Make sure your data disk is attached to your VM and initialized.
    2. If your disk is already attached and initialized, can you make sure it's online and formatted in NTFS?
    3. Once all the above is true, please re-run the encryption script using the "sequence version" variable. Keep in mind, if you used a KEK to encrypt, you'll be using the KEK encryption script. All variables will remain the same as when you initially encrypted.

    If this doesn't resolve your issue, can you please send the following logs and screenshots to:

    AzCommunity@microsoft.com
    ATTN: Data Disk ADE issue - James Tran
    Body: Please include this thread link

    Screenshots:
    Disk management
    Updated manage-bde output after you executed the script
    Portal status of your disks
    "BiLockerExtension.txt" - located at "C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.Security.AzureDiskEncryption\"

    Please let me know if you have any other questions.
    Thank you for your time!


    If any reply/answer helped resolve your question, please remember to "mark as answer" so that others in the community facing similar issues can easily find the solution.
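
The three checks in the accepted answer (attached and initialized, online, formatted as NTFS) can be scripted inside the guest. The following is an added example, not code from this thread or from Microsoft. `Get-DataDiskAdeReadiness` is a hypothetical helper name; it assumes an elevated session and that the built-in Storage and BitLocker modules are available in the VM.

```powershell
# Added example: in-guest check of every disk Windows can see, so that a disk
# that is offline, uninitialized (RAW) or not NTFS stands out before the
# encryption script is re-run. Get-DataDiskAdeReadiness is a hypothetical name.
function Get-DataDiskAdeReadiness {
    foreach ($disk in Get-Disk | Sort-Object Number) {
        $issues = @()
        if ($disk.IsOffline)                { $issues += 'disk is offline' }
        if ($disk.PartitionStyle -eq 'RAW') { $issues += 'disk is not initialized' }

        # Only partitions with a drive letter show up in manage-bde -status.
        $parts = @(Get-Partition -DiskNumber $disk.Number -ErrorAction SilentlyContinue |
                   Where-Object { "$($_.DriveLetter)" -match '^[A-Z]$' })
        if (-not $issues -and $parts.Count -eq 0) {
            $issues += 'no volume with a drive letter'
        }

        $volumes = foreach ($p in $parts) {
            $vol = Get-Volume -Partition $p
            if ($vol.FileSystem -ne 'NTFS') {
                $issues += "$($p.DriveLetter): is $($vol.FileSystem), not NTFS"
            }
            # BitLocker's own view of the volume (same data as manage-bde).
            $blv = Get-BitLockerVolume -MountPoint "$($p.DriveLetter):" `
                                       -ErrorAction SilentlyContinue
            '{0}: {1} {2}' -f $p.DriveLetter, $vol.FileSystem, $blv.VolumeStatus
        }

        [pscustomobject]@{
            Disk    = $disk.Number
            OsDisk  = $disk.IsBoot -or $disk.IsSystem
            Style   = $disk.PartitionStyle
            Volumes = $volumes -join '; '
            Issues  = if ($issues) { $issues -join '; ' } else { 'none' }
        }
    }
}

Get-DataDiskAdeReadiness | Format-Table -AutoSize -Wrap

# After re-running the encryption script, compare with Azure's view from a
# workstation with the Az module (placeholder names, replace with your own):
#   Get-AzVMDiskEncryptionStatus -ResourceGroupName '<resource-group>' -VMName '<vm-name>'
# and check the OsVolumeEncrypted and DataVolumesEncrypted properties.
```

A disk that reports `RAW` or offline here never appears as a volume in the manage-bde output.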


1 additional answer

  1. Libstar 21 Reputation points
    2020-07-15T09:28:05.143+00:00

    Thank you, this absolutely led me to the solution. diskmgmt.msc revealed an extra disk that was not visible in Azure.
    Once this was initialized everything encrypted successfully.