OPTIONS TO ENCRYPT AZURE VM DISK

Azure Disk Encryption (ADE).

Encryption at rest using Platform-Managed Keys. This is the default option when you create an Azure Virtual Machine.

Encryption at rest using Customer-Managed Keys.

Double Encryption at rest using Platform-Managed Keys and Customer-Managed Keys.

Encryption at Host.

Azure Disk Encryption (ADE) provides volume encryption for the OS and data disks using the BitLocker feature of Windows and the DM-Crypt feature of Linux.

Encryption at rest automatically encrypts the data stored on Azure managed disks (OS and data disks) when it is persisted to the cloud. You can encrypt the disks using a Platform-Managed Key (the default option), a Customer-Managed Key, or double encryption with both a Platform-Managed Key and a Customer-Managed Key. Note: When you use a Platform-Managed Key (the default option), you don't have to configure anything. It is enabled by default.

With Encryption at Host, encryption happens in two places: first at the Azure server where your VM is located, and second as encryption at rest of the Virtual Machine OS and data disks using a Platform-Managed Key or a Customer-Managed Key.

Note: In upcoming pages in this Chapter we will have Lab exercises on all of the above options.
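The options above can be told apart from a VM's resource definitions. The following is an added example, not taken from the book or its labs: it reads the VM's `securityProfile.encryptionAtHost` flag, each managed disk's `encryption.type`, and the installed ADE extension type. The JSON field layout is assumed to follow the Azure Resource Manager resource shape, and all sample resources are constructed.

```python
# Added example: field names follow the Azure Resource Manager JSON shape
# (assumption); every sample resource below is constructed.
ADE_EXTENSION_TYPES = {"AzureDiskEncryption", "AzureDiskEncryptionForLinux"}

SSE_OPTIONS = {
    "EncryptionAtRestWithPlatformKey": "Encryption at rest, Platform-Managed Key",
    "EncryptionAtRestWithCustomerKey": "Encryption at rest, Customer-Managed Key",
    "EncryptionAtRestWithPlatformAndCustomerKeys": "Double encryption at rest (PMK + CMK)",
}


def classify_vm(vm, disks, extensions):
    """Return which of the page's encryption options are in effect for one VM."""
    props = vm.get("properties", {})
    host = bool((props.get("securityProfile") or {}).get("encryptionAtHost", False))
    # ADE runs inside the guest and shows up as a VM extension.
    ade = any(
        ext.get("properties", {}).get("type") in ADE_EXTENSION_TYPES
        for ext in extensions
    )
    per_disk = {}
    for disk in disks:
        enc_type = (disk.get("properties", {}).get("encryption") or {}).get("type")
        per_disk[disk["name"]] = SSE_OPTIONS.get(enc_type, "unknown: " + str(enc_type))
    return {"vm": vm["name"], "ade": ade, "encryption_at_host": host, "disks": per_disk}


def only_default_encryption(report):
    """True when the VM relies solely on the default platform-managed key."""
    default = SSE_OPTIONS["EncryptionAtRestWithPlatformKey"]
    return (
        not report["ade"]
        and not report["encryption_at_host"]
        and all(option == default for option in report["disks"].values())
    )


# Constructed sample input (placeholder ID, not a real resource).
SAMPLE_VM = {"name": "vm-demo", "properties": {"securityProfile": {"encryptionAtHost": True}}}
SAMPLE_DISKS = [
    {"name": "vm-demo-os", "properties": {"encryption": {"type": "EncryptionAtRestWithPlatformKey"}}},
    {"name": "vm-demo-data", "properties": {"encryption": {
        "type": "EncryptionAtRestWithCustomerKey",
        "diskEncryptionSetId": "<disk-encryption-set-id>"}}},
]
SAMPLE_EXTENSIONS = []

if __name__ == "__main__":
    report = classify_vm(SAMPLE_VM, SAMPLE_DISKS, SAMPLE_EXTENSIONS)
    print(report)
    print("default only:", only_default_encryption(report))
```
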

COMPARING VM DISK ENCRYPTION OPTIONS

To learn more about the Azure VM Disk Encryption options in detail, with Lab Exercises on ADE, Double Encryption at Rest using a Customer-Managed Key and Platform-Managed Key, and Encryption at Host, refer to the book Exam AZ-500 Study & Lab Guide Part 3: Microsoft Certified Azure Security Engineer Associate.
