Quickstart: Create and encrypt a Windows virtual machine with the Azure portal

Azure virtual machines (VMs) can be created through the Azure portal. The Azure portal is a browser-based user interface to create VMs and their associated resources. In this quickstart you will use the Azure portal to deploy a Windows virtual machine (VM) running Windows Server 2016 Datacenter, create a key vault for the storage of encryption keys, and encrypt the VM.

If you don't have an Azure subscription, create a free account before you begin.

Sign in to Azure

Sign in to the Azure portal.

Create a virtual machine

  1. Choose Create a resource in the upper left corner of the Azure portal.
  2. In the New page, under Popular, select Windows Server 2016 Datacenter.
  3. In the Basics tab, under Project details, make sure the correct subscription is selected and then choose to Create new resource group. Enter myResourceGroup as the name.
  4. For Virtual machine name, enter MyVM.
  5. For Region, select the same region you used when making your key vault above (e.g., East US).
  6. Make sure the Size is Standard D2s v3.
  7. Under Administrator account, select Password. Enter a user name and a password.
  8. Select the "Management" tab and verify that you have a Diagnostics Storage Account. If you have no storage accounts, select "Create New", give your new account a name, and select "Ok".
  9. Click "Review + Create".
  10. On the Create a virtual machine page, you can see the details about the VM you are about to create. When you are ready, select Create.

It will take a few minutes for your VM to be deployed. When the deployment is finished, move on to the next section.

Encrypt the virtual machine

  1. When the VM deployment is complete, select Go to resource.

  2. On the left-hand sidebar, select Disks.

  3. On the Disks screen, select Encryption.

  4. On the encryption screen, under Disks to encrypt, choose OS and data disks.

  5. Under Encryption settings, choose Select a key vault and key for encryption.

  6. On the Select key from Azure Key Vault screen, select Create New.

  7. On the Create key vault screen, ensure that the Resource Group is the same as the one you used to create the VM.

  8. Give your key vault a name. Every key vault across Azure must have a unique name.

  9. On the Access Policies tab, check the Azure Disk Encryption for volume encryption box.

  10. Select Review + create.

  11. After the key vault has passed validation, select Create. This will return you to the Select key from Azure Key Vault screen.

  12. Leave the Key field blank and choose Select.

  13. At the top of the encryption screen, click Save. A popup will warn you that the VM will reboot. Click Yes.
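Once the VM has rebooted, the result of the steps above can be checked from Azure PowerShell. The script below is an added example, not part of the original quickstart; it assumes the Az.Compute and Az.KeyVault modules and an existing Connect-AzAccount session, uses the myResourceGroup and MyVM names from this page, and takes the key vault name you chose as a parameter.

```powershell
# Added example: verifies the portal steps above took effect. Not from the original quickstart.
param(
    [string]$ResourceGroupName = 'myResourceGroup',   # name used in this quickstart
    [string]$VMName            = 'MyVM',              # name used in this quickstart
    [Parameter(Mandatory)][string]$VaultName          # the key vault name you entered in step 8
)

$vm     = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName -ErrorAction Stop
$vault  = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroupName
$status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $ResourceGroupName -VMName $VMName -ErrorAction Stop

if (-not $vault) {
    throw "Key vault '$VaultName' was not found in resource group '$ResourceGroupName'."
}

# Region strings can come back as 'East US' or 'eastus'; normalize before comparing.
$norm = { param($s) ($s -replace '\s', '').ToLowerInvariant() }

# Vault that holds the disk encryption secret, as recorded on the VM's OS volume settings.
$sourceVaultId = $status.OsVolumeEncryptionSettings.DiskEncryptionKey.SourceVault.Id

$checks = [ordered]@{
    # Step 9: "Azure Disk Encryption for volume encryption" access policy box
    VaultEnabledForDiskEncryption = [bool]$vault.EnabledForDiskEncryption
    # The VM and its key vault must be in the same region
    VaultInSameRegionAsVM         = (& $norm $vault.Location) -eq (& $norm $vm.Location)
    # Step 4: "OS and data disks"
    OsVolumeEncrypted             = "$($status.OsVolumeEncrypted)" -eq 'Encrypted'
    # Assumption: 'NoDiskFound' is what is reported when the VM has no data disk attached
    DataVolumesEncrypted          = "$($status.DataVolumesEncrypted)" -in 'Encrypted', 'NoDiskFound'
    # The secret should live in the vault created in steps 6 to 11, not some other vault
    SecretStoredInExpectedVault   = [bool]$sourceVaultId -and ($sourceVaultId -ieq $vault.ResourceId)
}

$failed = @()
foreach ($name in $checks.Keys) {
    $result = if ($checks[$name]) { 'PASS' } else { $failed += $name; 'FAIL' }
    '{0,-32} {1}' -f $name, $result
}

if ($failed.Count -gt 0) {
    Write-Warning "Extension progress message: $($status.ProgressMessage)"
    throw "Disk encryption verification failed: $($failed -join ', ')"
}
```

Encryption can still be in progress for some time after the reboot, so a FAIL on the volume checks shortly after step 13 may only mean the operation has not finished; the progress message printed on failure shows the current state.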

Clean up resources

When no longer needed, you can delete the resource group, virtual machine, and all related resources. To do so, select the resource group for the virtual machine, select Delete, then confirm the name of the resource group to delete.

Next steps

In this quickstart, you created a Key Vault that was enabled for encryption keys, created a virtual machine, and enabled the virtual machine for encryption.