Disk encryption in Azure
Encrypting Azure disks prevents unattended and unauthorized access to the data they hold. Encryption can be applied at the infrastructure level, through server-side encryption (SSE), and at the operating system (OS) level, through Azure Disk Encryption (ADE).
SSE encrypts data stored on Azure managed disks as it is persisted to the cloud.
ADE provides a mechanism to safeguard and protect your data from inside the guest OS. It is zone resilient, just like Azure VMs. On Windows, the encryption is performed by BitLocker, with the option to store the encryption key in Key Vault. The same is true on Linux, where the encryption utility is DM-Crypt.
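Because SSE and ADE are separate layers, a disk inventory can be checked for each one independently. The following is an added example, not code from the original text: it classifies managed disks by their SSE key type and ADE state. It assumes JSON in the shape printed by `az disk list`, with field names following the managed disk resource; the sample records and the placeholder vault values are constructed.

```python
import json

# Constructed sample in the shape of `az disk list` output.
# Field names are assumed: encryption.type (SSE), encryptionSettingsCollection (ADE).
SAMPLE_DISKS = json.loads("""
[
  {"name": "vm1-osdisk",
   "encryption": {"type": "EncryptionAtRestWithPlatformKey"},
   "encryptionSettingsCollection": {"enabled": true, "encryptionSettings": [
     {"diskEncryptionKey": {"sourceVault": {"id": "<example-kv-resource-id>"},
                            "secretUrl": "<example-secret-url>"}}]}},
  {"name": "vm2-osdisk",
   "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
  {"name": "vm3-datadisk",
   "encryption": {"type": "EncryptionAtRestWithCustomerKey"},
   "encryptionSettingsCollection": {"enabled": false}}
]
""")

# SSE is always present on managed disks; the type only says who holds the key.
SSE_KEY_OWNER = {
    "EncryptionAtRestWithPlatformKey": "platform-managed",
    "EncryptionAtRestWithCustomerKey": "customer-managed",
    "EncryptionAtRestWithPlatformAndCustomerKeys": "platform+customer",
}

def classify_disk(disk):
    """Report the SSE key owner and the ADE state of one disk record."""
    sse_type = (disk.get("encryption") or {}).get("type")
    ade = disk.get("encryptionSettingsCollection") or {}
    settings = ade.get("encryptionSettings") or []
    vaults = sorted({
        s["diskEncryptionKey"]["sourceVault"]["id"]
        for s in settings if s.get("diskEncryptionKey")
    })
    return {
        "name": disk.get("name"),
        "sse": SSE_KEY_OWNER.get(sse_type, "unknown"),
        "ade": bool(ade.get("enabled")),          # OS-level (BitLocker/DM-Crypt)
        "ade_key_vaults": vaults,                 # where the ADE key is stored
    }

def disks_without_ade(disks):
    """Names of disks that rely on SSE alone (no OS-level encryption)."""
    return [c["name"] for c in map(classify_disk, disks) if not c["ade"]]

if __name__ == "__main__":
    for d in SAMPLE_DISKS:
        print(classify_disk(d))
```

A missing or disabled `encryptionSettingsCollection` is treated as "no ADE", so disks protected only by SSE are reported by `disks_without_ade`.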
In the following exercise, we are going to explore how to encrypt an Azure Windows VM.
Configuring ADE
We will now walk through the steps involved in performing ADE. This will be performed on a Windows VM:
- Navigate to your VM in the Azure portal and select...