az vm encryption

Manage encryption of VM disks.

Commands

az vm encryption disable    Disable disk encryption on OS disk, Data disks, or both.
az vm encryption enable     Enable disk encryption on OS disk, Data disks, or both.
az vm encryption show       Show the encryption status.

az vm encryption disable

Disable disk encryption on OS disk, Data disks, or both.

az vm encryption disable --name
                         --resource-group
                         [--force]
                         [--volume-type {ALL, DATA, OS}]

Required Parameters

--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--force

Continue with encryption operations regardless of the warnings.

--volume-type

Type of volume that the encryption operation is performed on.

accepted values: ALL, DATA, OS

az vm encryption enable

Enable disk encryption on OS disk, Data disks, or both.

az vm encryption enable --aad-client-id
                        --disk-encryption-keyvault
                        --name
                        --resource-group
                        [--aad-client-cert-thumbprint]
                        [--aad-client-secret]
                        [--key-encryption-algorithm]
                        [--key-encryption-key]
                        [--key-encryption-keyvault]
                        [--volume-type {ALL, DATA, OS}]

Required Parameters

--aad-client-id

Client ID of AAD app with permissions to write secrets to KeyVault.

--disk-encryption-keyvault

The KeyVault where the generated encryption key will be placed.

--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--aad-client-cert-thumbprint

Thumbprint of AAD app certificate with permissions to write secrets to KeyVault.

--aad-client-secret

Client Secret of AAD app with permissions to write secrets to KeyVault.

--key-encryption-algorithm

default value: RSA-OAEP

--key-encryption-key

KeyVault key name or URL used to encrypt the disk encryption key.

--key-encryption-keyvault

The KeyVault containing the key encryption key used to encrypt the disk encryption key. If missing, CLI will use --disk-encryption-keyvault.

--volume-type

Type of volume that the encryption operation is performed on.

accepted values: ALL, DATA, OS

az vm encryption show

Show the encryption status.

az vm encryption show --name
                      --resource-group

Required Parameters

--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.
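
Added usage example (not part of the reference text): a POSIX shell wrapper around az vm encryption enable that checks --volume-type against the accepted values, takes the AAD client secret from an environment variable rather than an inline argument, and then runs az vm encryption show. The function name ade_enable, the AAD_CLIENT_SECRET and DRY_RUN variables, and the wrapper's default of ALL are assumptions of this example.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical, and any
# VM, resource group, vault or key names passed in are the caller's own.

# ade_enable VM RESOURCE_GROUP VAULT AAD_APP_ID [KEK_NAME] [VOLUME_TYPE]
# The AAD client secret is read from $AAD_CLIENT_SECRET so it is not typed
# inline (and so stays out of shell history). With DRY_RUN=1 the command
# is printed with the secret redacted instead of being run.
ade_enable() {
    vm=${1:-} rg=${2:-} vault=${3:-} app_id=${4:-} kek=${5:-} vol=${6:-ALL}

    if [ -z "$vm" ] || [ -z "$rg" ] || [ -z "$vault" ] || [ -z "$app_id" ]; then
        echo "usage: ade_enable VM RG VAULT AAD_APP_ID [KEK] [ALL|DATA|OS]" >&2
        return 2
    fi
    # Reject anything outside the accepted values before calling az.
    case $vol in
        ALL|DATA|OS) ;;
        *) echo "invalid --volume-type: $vol" >&2; return 2 ;;
    esac
    if [ -z "${AAD_CLIENT_SECRET:-}" ]; then
        echo "AAD_CLIENT_SECRET is not set" >&2
        return 2
    fi

    # Build the argument list in the function's positional parameters.
    set -- vm encryption enable \
        --name "$vm" --resource-group "$rg" \
        --aad-client-id "$app_id" \
        --disk-encryption-keyvault "$vault" \
        --volume-type "$vol"
    # Optional: wrap the disk encryption key with a key encryption key.
    # With no --key-encryption-keyvault, the CLI uses "$vault" for it.
    if [ -n "$kek" ]; then
        set -- "$@" --key-encryption-key "$kek"
    fi

    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "az $* --aad-client-secret <redacted>"
        return 0
    fi
    # Enable, then confirm the resulting status.
    az "$@" --aad-client-secret "$AAD_CLIENT_SECRET" &&
        az vm encryption show --name "$vm" --resource-group "$rg"
}
```

Run it once with DRY_RUN=1 to review the exact command before it touches the VM.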