How to enable key vault permission for disk encryption set using Azure Python SDK API calls?
I am setting up disk encryption using a key vault, but I'm unable to grant permission to the key vault after creating the Disk Encryption Set (DES). The overview section of the DES shows a warning that reads: "To associate a disk, image, or snapshot…
VM protected with ADE and the key in Key Vault expires - expected outcome?
Hello, We have Azure Disk Encryption enabled on our VMs. The encryption key is stored in an Azure key vault and there is a corporate policy that keys and secrets must have expiry dates. I tested to see what would happen to a VM when the key expired. The…
Az PowerShell to get whether disk encryption is PMK or CMK
The Azure VM disk can be CMK or PMK encrypted. Which Azure PowerShell command lets me find whether the disk encryption type is PMK or CMK? (Note: I am only bothered about PMK and CMK encryption and not other encryption.)
Is UEFI lock required for Encrypted Azure VM
Hello, We are asked to apply a New Security Control – “Protective Process Light for LSASS should be enabled with a UEFI lock.” We are using Gen2 Azure Windows Server 2019 and selected 'Standard' as security type when the VMs were created. The OS disk has…
Facing error while encrypting a VM OS and data disk using ADE
Facing an error while encrypting a virtual machine (Windows Server 2016) disk through ADE. Although I have given all the access roles to the key vaults and also enabled the desired permissions in the vault access policy and all the resource access for the vault but…
Error creating an azurerm_storage_encryption_scope for a storage account with Terraform
Hi all, I am working on a Terraform script for creating my infra on Azure. I am facing some issue. I want to set encryption_scope for my storage container but I don't find any reference for setting it for a storage container. I found the reference for…
Deleting multiple unattached Azure disks in bulk
My question is broken into two sections, related to Azure disks that are unattached/have no owner. 1st question: Besides using the Azure portal to check which disks have no owner associated with them, is there another way I can check or run a script for…
Azure Files failing transactions
We have recently configured Azure Files and successfully migrated one of our many department directories. We are experiencing no significant issues and no user complaints to this point. As part of the configuration we enabled Diagnostic Settings…
Storage account - Infrastructure level encryption
Hello, I want to create a storage account and enable infrastructure encryption. The MS documentation states that: "Infrastructure-level encryption **relies on Microsoft-managed keys and always uses a separate key.**"…
Free service for 12 months
Hello, I signed up for Microsoft Azure approximately 1 month ago and have been using the machine. At the start it told me that I had 12 months of free access, but I ended up receiving a message saying that my credits have run out. What do I need to do?
Offline time window when enabling Encryption at Host
Good morning, I have a question regarding enabling Encryption at Host. Currently I have the option to enable it, but the VM must be offline, so I am wondering how long the machine has to be offline while this process is executing? What does it…
Azure Disk Encryption on Azure Virtual Desktop
We already enabled ADE on Azure VM disks based on CloudCheckR tool recommendations. But now, we need suggestions on whether we should also enable ADE (Azure Disk Encryption) on AVD (Azure Virtual Desktop)? Or is it not required, if there is any justification, since…
Will enabling customer-managed keys have any effect when accessing data using SAS keys?
We are trying to implement customer-managed keys in storage accounts. So I do understand that we might have to make a few code changes while connecting to the storage account as mentioned in the article…
Azure Disk Encryption - Failing due to SSL/TLS secure connection
Hi All, Our Azure Disk Encryption keeps failing due to an error saying a secure SSL/TLS connection could not be established. From my troubleshooting it seems it is our proxy that is causing it to fail, as once uninstalled it works fine. Does anyone…
SERVER SIDE ENCRYPTION - PMK TO CMK
We have several Linux Azure VMs and storage accounts with SSE encryption using platform-managed keys. The existing infra was built using Terraform. Now we are planning to convert all managed disks and storage accounts to SSE CMK. The question is, Does pmk to…
What does "SSE with PMK & ADE" mean?
I understand what Server Side Encryption and Azure Disk Encryption mean and how you can turn them on. I don't understand that when I turn on the ADE (BitLocker) for a (windows) VM's OS disk, the OS disk encryption says "SSE with PMK &…
Azure Policy to remediate/Enforce "Encryption at Host"
Hello Community, I observe the in-built Azure Policy here to audit VMs for the "encryption at host" setting (end-to-end encryption using PMK or CMK). "Virtual machines and virtual machine scale sets should have encryption at host…
Can we add "Disk Encryption Set" managed identity to AD groups
As part of implementing Managed Disks SSE-CMK, we are planning to associate/add the "Disk Encryption Set" managed identity to Azure security AD groups. Is it possible? As per my knowledge I can do this with a user-managed identity, but would like to…
What RSA size should I use to enable ADE on Azure VMs?
Hi, When I try to enable ADE on our Azure Virtual Machines they keep failing due to an error: VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "[2.3.0.0] Failed to enable Azure Disk Encryption on the VM with…
How to update a generalized disk in Azure VM
I am facing an issue where I am unable to upgrade the disk size of my generalized VM through the Azure portal. The portal does not show me the update option under the disk section. I have tried using az-cli, but I am encountering permission issues and…