We have a PowerEdge R640 server that has the TPM on and is running Server 2019 Datacenter. On it are a couple of VMs created with Hyper-V.
Due to HIPAA requirements, we need to protect one of the VMs from being copied off the server if the whole computer or just the drive is stolen.
Would best practice be to BitLocker the host server, which would encrypt the virtual drive files, or is it better to just encrypt the VM? I am leaning toward the first option, but wanted to see what Microsoft's thought is on this.
Outside of a bit of a performance hit, is there anything else that is of concern for doing this?
Your available tags are wanting. Could use a BitLocker one.