This repository has been archived by the owner on Oct 14, 2021. It is now read-only.

VM.md


Virtual Machines

Encrypted Disks

URL: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks#encrypt-a-virtual-machine

Set up some variables:

$keyVaultName = "kvaz203duncan"
$rgName = "az-203-training"
$vmName = "az203vm"
$keyName = "VMKey"

Create an encryption key:

Add-AzKeyVaultKey -VaultName $keyVaultName -Name $keyName -Destination 'Software'

Encrypt the VM:

$keyVault = Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $rgName;
$diskEncryptionKeyVaultUrl = $keyVault.VaultUri;
$keyVaultResourceId = $keyVault.ResourceId;
$keyEncryptionKeyUrl = (Get-AzKeyVaultKey -VaultName $keyVaultName -Name $keyName).Key.kid;

Set-AzVMDiskEncryptionExtension -ResourceGroupName $rgName `
    -VMName $vmName `
    -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl `
    -DiskEncryptionKeyVaultId $keyVaultResourceId `
    -KeyEncryptionKeyUrl $keyEncryptionKeyUrl `
    -KeyEncryptionKeyVaultId $keyVaultResourceId

Check if a VM has encrypted disks - before:

PS Azure:\> Get-AzVmDiskEncryptionStatus  -ResourceGroupName $rgName -VMName $vmName

OsVolumeEncrypted          : NotEncrypted
DataVolumesEncrypted       : NotEncrypted
OsVolumeEncryptionSettings :
ProgressMessage            : No Encryption extension or metadata found on the VM

... and after:

PS Azure:\> Get-AzVmDiskEncryptionStatus  -ResourceGroupName $rgName -VMName $vmName

OsVolumeEncrypted          : Encrypted
DataVolumesEncrypted       : NoDiskFound
OsVolumeEncryptionSettings : Microsoft.Azure.Management.Compute.Models.DiskEncryptionSettings
ProgressMessage            : Provisioning succeeded
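
To check more than one VM, the status output above can be fed into a small classifier; this is an added example, not part of the original notes. The function name `Get-DiskEncryptionVerdict` and the two sample objects are constructed for illustration, and the code assumes `NoDiskFound` on data volumes is acceptable because it means no data disks are attached.

```powershell
# Added example: classify the output of Get-AzVMDiskEncryptionStatus so that
# unencrypted VMs in a resource group can be listed in one pass.
# Get-DiskEncryptionVerdict is a hypothetical helper, not an Az cmdlet.
function Get-DiskEncryptionVerdict {
    param(
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] $Status   # object from Get-AzVMDiskEncryptionStatus
    )
    $os   = [string]$Status.OsVolumeEncrypted
    $data = [string]$Status.DataVolumesEncrypted

    # The OS volume must report Encrypted. For data volumes, NoDiskFound is
    # also accepted (no data disks attached). Any other value is a finding.
    $osOk   = $os -eq 'Encrypted'
    $dataOk = $data -in @('Encrypted', 'NoDiskFound')

    [pscustomobject]@{
        VMName      = $VMName
        OsVolume    = $os
        DataVolumes = $data
        Compliant   = ($osOk -and $dataOk)
        Detail      = $Status.ProgressMessage
    }
}

# Constructed samples that mirror the "before" and "after" output shown above.
$before = [pscustomobject]@{
    OsVolumeEncrypted    = 'NotEncrypted'
    DataVolumesEncrypted = 'NotEncrypted'
    ProgressMessage      = 'No Encryption extension or metadata found on the VM'
}
$after = [pscustomobject]@{
    OsVolumeEncrypted    = 'Encrypted'
    DataVolumesEncrypted = 'NoDiskFound'
    ProgressMessage      = 'Provisioning succeeded'
}

Get-DiskEncryptionVerdict -VMName 'az203vm' -Status $before   # Compliant: False
Get-DiskEncryptionVerdict -VMName 'az203vm' -Status $after    # Compliant: True

# Live use against a resource group (requires a signed-in Az session):
# Get-AzVM -ResourceGroupName $rgName | ForEach-Object {
#     $s = Get-AzVMDiskEncryptionStatus -ResourceGroupName $rgName -VMName $_.Name
#     Get-DiskEncryptionVerdict -VMName $_.Name -Status $s
# } | Where-Object { -not $_.Compliant }
```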