OPTIONS TO ENCRYPT AZURE VM DISK
Azure Disk Encryption (ADE).
Encryption at rest using Platform-Managed Keys. This is the default option when you create an Azure Virtual Machine.
Encryption at rest using Customer-Managed Keys.
Double Encryption at rest using Platform-Managed Keys and Customer-Managed Keys.
Encryption at Host.
Azure Disk Encryption (ADE) provides volume encryption for the OS and data disks using the BitLocker feature of Windows and the DM-Crypt feature of Linux.
Encryption at rest automatically encrypts the data stored on Azure managed disks (OS and data disks) when it is persisted to the cloud. You can encrypt the disks using a Platform-Managed Key (the default option), a Customer-Managed Key, or double encryption with both a Platform-Managed Key and a Customer-Managed Key. Note: When you use a Platform-Managed Key (the default option), you don't have to configure anything. It is enabled by default.
With Encryption at Host, encryption happens in two places: first on the Azure server that hosts your VM, and second as encryption at rest of the virtual machine's OS and data disks using a Platform-Managed Key or a Customer-Managed Key.
Note: In upcoming pages in this Chapter we will have Lab exercises on all of the above options.
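To audit which of the options above is in effect on an existing VM, the following added example (not from the original article or the book) classifies each disk from the JSON that `az vm show` and `az disk show` return. It assumes the field names of those outputs (`securityProfile.encryptionAtHost`, `encryption.type`, `encryptionSettingsCollection.enabled`); the sample input is constructed.

```python
import json

# Managed-disk "encryption.type" values mapped to the options listed above.
SSE_TYPES = {
    "EncryptionAtRestWithPlatformKey":
        "Encryption at rest using Platform-Managed Keys",
    "EncryptionAtRestWithCustomerKey":
        "Encryption at rest using Customer-Managed Keys",
    "EncryptionAtRestWithPlatformAndCustomerKeys":
        "Double Encryption at rest using Platform-Managed Keys and Customer-Managed Keys",
}
DEFAULT_TYPE = "EncryptionAtRestWithPlatformKey"


def classify(vm, disks):
    """Return {disk name: [options in effect]} for one VM and its managed disks."""
    # Encryption at Host is a VM-level setting, so it applies to every disk.
    host = bool((vm.get("securityProfile") or {}).get("encryptionAtHost"))
    report = {}
    for disk in disks:
        enc = disk.get("encryption") or {}
        # Assumption: a missing type means the platform-managed default.
        sse_type = enc.get("type") or DEFAULT_TYPE
        options = [SSE_TYPES.get(sse_type, "Unknown type: " + sse_type)]
        # ADE (BitLocker / DM-Crypt) shows up as per-disk encryption settings.
        if (disk.get("encryptionSettingsCollection") or {}).get("enabled"):
            options.append("Azure Disk Encryption (ADE)")
        if host:
            options.append("Encryption at Host")
        report[disk["name"]] = options
    return report


# Constructed sample input, trimmed to the fields read above.
SAMPLE_VM = json.loads(
    '{"name": "vm-demo", "securityProfile": {"encryptionAtHost": true}}')
SAMPLE_DISKS = json.loads("""[
 {"name": "os-disk", "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
 {"name": "data-disk", "encryption": {
   "type": "EncryptionAtRestWithPlatformAndCustomerKeys",
   "diskEncryptionSetId": "<placeholder-disk-encryption-set-id>"}}
]""")

if __name__ == "__main__":
    for name, opts in classify(SAMPLE_VM, SAMPLE_DISKS).items():
        print(name, "->", "; ".join(opts))
```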
COMPARING VM DISK ENCRYPTION OPTIONS
To learn more about the Azure VM disk encryption options in detail, with lab exercises on ADE, Double Encryption at Rest using Customer-Managed Key and Platform-Managed Key, and Encryption at Host, refer to the book Exam AZ-500 Study & Lab Guide Part 3: Microsoft Certified Azure Security Engineer Associate.
Read the full article here: https://mykloud.wordpress.com/2021/11/30/azure-virtual-machine-disk-encryption-options/