How to encrypt (and decrypt) your Azure VM disks after deployment

This is how you can encrypt your Azure virtual machine disks :

az vm encryption enable --resource-group "ResourceGroupOfVM" --name "VMName" --disk-encryption-keyvault "/KeyVaultResourceIDHere" --volume-type All
You can find your keyvault Resource ID here :
Keyvault resource ID
The reason that I used the Resource id instead of the keyvault name is that now it’s possible for the keyvault to be part of another resourcegroup.
Use the following command to decrypt your VM :
az vm encryption disable --name MyVirtualMachine --resource-group MyResourceGroup --volume-type ALL

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.