az vm encryption

Manage encryption of VM disks.

Commands

az vm encryption disable Disable disk encryption on OS disk, Data disks, or both.
az vm encryption enable Enable disk encryption on OS disk, Data disks, or both.
az vm encryption show Show the encryption status.

az vm encryption disable

Disable disk encryption on OS disk, Data disks, or both.

az vm encryption disable --name
--resource-group
[--force]
[--volume-type {ALL, DATA, OS}]

Required Parameters

--name -n
The name of the Virtual Machine. You can configure the default using `az configure --defaults vm=<name>`.
--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.

Optional Parameters

--force
Continue by ignoring client side validation errors.
--volume-type
Type of volume that the encryption operation is performed on.
accepted values: ALL, DATA, OS

az vm encryption enable

Enable disk encryption on OS disk, Data disks, or both.

az vm encryption enable --aad-client-id
--disk-encryption-keyvault
--name
--resource-group
[--aad-client-cert-thumbprint]
[--aad-client-secret]
[--key-encryption-algorithm]
[--key-encryption-key]
[--key-encryption-keyvault]
[--volume-type {ALL, DATA, OS}]

Required Parameters

--aad-client-id
Client ID of AAD app with permissions to write secrets to KeyVault.
--disk-encryption-keyvault
The KeyVault where generated encryption key will be placed.
--name -n
The name of the Virtual Machine. You can configure the default using `az configure --defaults vm=<name>`.
--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.

Optional Parameters

--aad-client-cert-thumbprint
Thumbprint of AAD app certificate with permissions to write secrets to KeyVault.
--aad-client-secret
Client Secret of AAD app with permissions to write secrets to KeyVault.
--key-encryption-algorithm
default value: RSA-OAEP
--key-encryption-key
KeyVault key name or URL used to encrypt the disk encryption key.
--key-encryption-keyvault
The KeyVault containing the key encryption key used to encrypt the disk encryption key. If missing, CLI will use --disk-encryption-keyvault.
--volume-type
Type of volume that the encryption operation is performed on.
accepted values: ALL, DATA, OS

az vm encryption show

Show the encryption status.

az vm encryption show --name
--resource-group

Required Parameters

--name -n
The name of the Virtual Machine. You can configure the default using `az configure --defaults vm=<name>`.
--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.