Disable-AzureRmVMDiskEncryption

Disables encryption on an IaaS virtual machine.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

Disable-AzureRmVMDiskEncryption
       [-ResourceGroupName] <String>
       [-VMName] <String>
       [[-VolumeType] <String>]
       [[-Name] <String>]
       [[-TypeHandlerVersion] <String>]
       [-Force]
       [-DisableAutoUpgradeMinorVersion]
       [-ExtensionType <String>]
       [-ExtensionPublisherName <String>]
       [-DefaultProfile <IAzureContextContainer>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Description

The Disable-AzureRmVMDiskEncryption cmdlet disables encryption on an infrastructure as a service (IaaS) virtual machine. This cmdlet is only supported on Windows virtual machines and not Linux virtual machines. This cmdlet installs an extension on the virtual machine to disable encryption. If the Name parameter is not specified, an extension with the default name "AzureDiskEncryption for Windows VMs" is created. Caution: This cmdlet reboots the virtual machine.

Examples

Example 1: Disable encryption for all volumes on a Windows virtual machine

PS C:\> Disable-AzureRMVMDiskEncryption -ResourceGroupName "Group001" -VMName "VM002"

This command disables encryption for volumes of type all for the virtual machine named VM002 that belongs to the resource group named Group001. Since the VolumeType parameter is not specified, the cmdlet sets the value to All.

Example 2: Disable encryption for data volumes on a Windows virtual machine

PS C:\> $ResourceGroup = "Group002";
PS C:\> $VMName = "VM004";
PS C:\> Disable-AzureRMVMDiskEncryption -ResourceGroupName "Group002" -VMName "VM004" -VolumeType "Data"

This command disables encryption for volumes of type data for the virtual machine named VM004 that belongs to the resource group named Group002.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableAutoUpgradeMinorVersion

Indicates that this cmdlet disables auto-upgrade of the minor version of the extension.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ExtensionPublisherName

The extension publisher name. Specify this parameter only to override the default value of "Microsoft.Azure.Security".

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ExtensionType

The extension type. Specify this parameter to override its default value of "AzureDiskEncryption" for Windows VMs and "AzureDiskEncryptionForLinux" for Linux VMs.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifes the name of the Azure Resource Manager (ARM) resource that represents the extension. If this parameter is not specified, this cmdlet defaults to "AzureDiskEncryption for Windows VMs".

Type:String
Aliases:ExtensionName
Position:3
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ResourceGroupName

Specifies the resource group name of the virtual machine.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-TypeHandlerVersion

Specifies the version of the encryption extension. If you do not specify a value for this parameter, the latest version of the extension is used.

Type:String
Aliases:HandlerVersion, Version
Position:4
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-VMName

Specifies the name of the virtual machine that this cmdlet disables encryption on.

Type:String
Aliases:ResourceName
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-VolumeType

Specifies the type of virtual machine volumes to perform the encryption operation. For Windows virtual machines, valid values are:

  • All
  • OS
  • Data. If you do not specify a value for this parameter, the default value is All. Disable encryption is not currently supported for Linux.
Type:String
Accepted values:OS, Data, All
Position:2
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

SwitchParameter

Outputs

PSAzureOperationResponse