Rotating ADE KEK, adds two new secrets (Wrapped BEKs) for the same VM
Hello All, We enabled ADE for OS+DATA disk for two VMs (RHEL8 - with no data disk attached) with same KEK, using az vm encryption enable -n vmname -g rsgrp --key-encryption-key kek --disk-encryption-keyvault keyvault-name --volume-type ALL…
application gateway and encryption aks
I have 2 very simple questions, but I don't know them. 1.- How do I know which version (v1 or v2) of application gateway I have configured? It just says: SKU: Standard 2.- AKS uses "encryption at-rest with a platform-managed key" by…
Azure Disk Encryption SSE + PMK - Attached to other VM
¿If I have the right permissions to do it , the other virtual machine can access to the data? Example: same region, subscription, resource group Thanks and Best Regards
Is there a performance impact to storage accounts with infrastructure encryption enabled for double encryption of data ?
Hi All, I am thinking about enabling a storage account with infrastructure encryption enabled for double encryption of data to support a new file server that I am planning to migrate. I am curious to know if there would be a significant…
Please tell me which is the right way of doing disk encryption in azure windows vm.
Could you please tell me is it a right way of doing disk encryption From the vm -> Under disks section go to the disks -> open the disk -> Under settings, Encryption -> changing the encryption type and saving it. Is it a right way of doing…
Getting "Caller needs data action" while enabling Azure Disk Encryption on Windows VM.
Hello All, I am getting below error while trying to enable Azure Disk Encryption for my VM. I tried with recreating VM and Key Vault both but still getting same issue. I do have full rights in Key Vault access policy and its also enabled for…
Double Encryption of the storage account after creation
Hi, Is it possible to enable the double encryption of the infrastructure (Storage account) after it has been created already) we don't want to delete files but just implement a double encryption on the already created storage
Disk Encryption is not working properly in Linux VM, root folder changed to ‘/oldroot folder and unexpected behavior
Hi Team, I have enabled disk encryption for one of my Linux VM in Azure. After some time I am facing the following issues in the servers, Problems: The root '/' is been changed as '/oldroot' 2) All the user "/home" directory is been…
Azure Disk Encryption /boot partition too small
Hi, We have enabled ADE (both OS and data disks) on our Ubuntu 20.04 Virtual Machines. After a few months we noticed that our VMs started crashing due to lack of space on /boot partition. On standard VM /boot directory is under root filesystem (30GB) and…
Encrypt Linux machine in Azure
Good evening everyone. We need to encrypt Linux machines running in Azure (all of them CentOS). Some of them are B1ls/B1s type instances, all of them have only OS drive. Due to prerequisites described in article…
Is there anyware azure can recover disk/VM data?
Recently my azure windows VM got infected by MedusaLocker ransomware and all files are encryted. I don't have any backup or snapshot, Is there anyway azure have backup of disk or VM itself. kindly help me recover my data if anyone knows.
Azure VMs Bulk disk encryption for a resource group
Hi Team, I've a requirement of enabling disk encryption of more than 80 VM's in a resource group. so there any possible way to enable disk encryption in bulk rather than going one by one. Like using PowerShell and key Vault KEK method. Additionally,…
Azure VM scale set boot is blocked by bitlocker
Hi all, I'm creating a VM scale set from a captured image of a VM that I pre-configured. Basic windows OS with some scripts and data pre-installed. When I created the scale set all the VM's are blocked by bitlocker asking for USB insertion. There…
auto-encrypt file in azure storage but don't want plain file when download. Want user to decrypt locally with admin provided key
We have a case where we want to upload plain File and want azure to auto-encrypt in azure storage but we don't want it to auto decrypt while user download. We want user to decrypt locally. We are planning to provide key to each company computer and…
Enabled VM Disk Encryption but some disks are not encrypted
I enabled Azure disk encryption on the VM for OS and data disks but some disks for the VM do not show encrypted. Is there any way I can force encryption on a single disk with VM encryption enabled?
How to enable Azure Disk Encryption Windows Failover cluster disk
hello Everyone, I have a requirement which I need to apply Azure Disk Encryption on all the virtual machine disks, while this is a straight forward process; however I am not able to apply ADE on cluster disk (a shared disk between two cluster machines,…
Use Encryption at Host on VM using Managed disk
Hi Experts, We are currently using managed disks on Azure which by default provides SSE with PMK. The requirement is to have End to End encryption, hence we would be choosing Encryption at Host option. Questions What happens to the existing…
Attached data disks not getting encrypted for linux VM
Hello Guys, I have deployed linux VM of size E16s_v3. Also a data disk of size 256Gb was attached. BYOK (Basically Customer managed keys) was used to encrypt the VM. But at the end only VM OS disk was encrypted and attached data disks wasn't encrypted.…
What are the Microsoft Recommended GPO's for handling Azure Disk Encryption Recovery Keys for Windows?
Hello. I have a Windows Server 2016 VM that is Domain Joined within Azure. I'm wondering what are the Microsoft recommended ADDS GPO's for Azure Disk Encryption to handle the recovery keys with the following below I'm considering based on my research: …
Azure Disk Encryption Extension Fails
Hi, I am having issues with ADE extension on our Azure VMs. After the installation of the extension, everything looks good, disks are encrypted etc. But during the backup operations, using Azure Backup, ADE extension starts throwing error message. Disks…