How to encrypt (and decrypt) your Azure VM disks after deployment

On: May 22, 2019

This is how you can encrypt your Azure virtual machine disks :

az vm encryption enable --resource-group "ResourceGroupOfVM" --name "VMName" --disk-encryption-keyvault "/KeyVaultResourceIDHere" --volume-type All

You can find your keyvault Resource ID here :

The reason that I used the Resource id instead of the keyvault name is that now it’s possible for the keyvault to be part of another resourcegroup.

Use the following command to decrypt your VM :

az vm encryption disable --name MyVirtualMachine --resource-group MyResourceGroup --volume-type ALL