(Cloud) Tip of the Day: Azure Disk Encryption for Windows and Linux IaaS VMs Preview

Today’s Tip…

Data disk encryption for Azure IaaS virtual machines has been available for some time now, and we recently announced the public preview of Azure Disk Encryption for Linux and Windows virtual machines.

Azure Disk Encryption is a new capability that lets you encrypt the disks of your Windows and Linux IaaS virtual machines. It leverages the industry-standard BitLocker feature of Windows and the dm-crypt feature of Linux to provide volume encryption for the OS disk and the data disks. The solution is integrated with Azure Key Vault, so you control and manage the disk encryption keys and secrets in a key vault in your own subscription, while all data on the virtual machine disks is encrypted at rest in your Azure storage account.

Encryption Scenarios:

The Azure Disk Encryption solution supports the following three customer encryption scenarios:

  • Enable encryption on new IaaS VMs created from a customer-encrypted VHD and the customer's own encryption keys
  • Enable encryption on new IaaS VMs created from the Azure Gallery
  • Enable encryption on existing IaaS VMs already running in Azure

During the public preview, the solution supports the following for IaaS VMs in Microsoft Azure:

  • Integration with Azure Key Vault
  • Standard A, D, and G series IaaS VMs
  • Enabling encryption on IaaS VMs created using the Azure Resource Manager deployment model
  • All Azure public regions
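The third scenario above (encrypting a VM that is already running) combined with the Key Vault integration is the case most administrators will hit first. The following Azure PowerShell script is an added example and is not part of the original post or of the Azure Disk Encryption documentation; it uses the AzureRm cmdlets of the preview period. The resource group, VM, vault and key names are placeholders, and it assumes an Azure AD application (whose client ID and secret the extension uses to write secrets to the vault) has already been created.

```powershell
# Added example (not from the original post): enable Azure Disk Encryption on an
# existing Resource Manager VM and verify the result. All names below are
# hypothetical; the VM must already exist in the same region as the vault.
$rgName      = 'adeDemoRg'                               # assumed resource group
$location    = 'westus'                                  # assumed region of the VM
$vmName      = 'adeDemoVm'                               # assumed existing Standard A/D/G VM
$vaultName   = 'adeDemoKv'                               # assumed (globally unique) vault name
$aadClientId = '00000000-0000-0000-0000-000000000000'    # assumed AAD application (client) ID
$aadSecret   = 'replace-with-the-app-secret'             # assumed AAD client secret

Login-AzureRmAccount | Out-Null

# The key vault that will hold the BitLocker / dm-crypt volume secrets.
$kv = Get-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $rgName -ErrorAction SilentlyContinue
if (-not $kv) {
    $kv = New-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $location
}

# Allow the Azure platform to read the secrets when the VM boots, and allow the
# AAD application the extension runs as to wrap keys and write secrets. Grant
# only those two permissions; the application needs nothing else in the vault.
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -ResourceGroupName $rgName -EnabledForDiskEncryption
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -ServicePrincipalName $aadClientId `
    -PermissionsToKeys wrapKey -PermissionsToSecrets set

# Optional key-encryption key (KEK): the volume secret is stored wrapped by this
# key instead of in the clear as a vault secret.
$kek = Add-AzureKeyVaultKey -VaultName $vaultName -Name 'adeDemoKek' -Destination Software

# Push the encryption extension to the VM. This triggers a reboot of the VM.
Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $rgName -VMName $vmName `
    -AadClientID $aadClientId -AadClientSecret $aadSecret `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri -DiskEncryptionKeyVaultId $kv.ResourceId `
    -KeyEncryptionKeyUrl $kek.Key.Kid -KeyEncryptionKeyVaultId $kv.ResourceId `
    -VolumeType All

# Verify: OsVolumeEncrypted and DataVolumesEncrypted should both report Encrypted
# once the extension has finished.
Get-AzureRmVMDiskEncryptionStatus -ResourceGroupName $rgName -VMName $vmName
```

Two practical notes: keep the AAD client secret out of scripts checked into source control (read it from a secure prompt or a secret store instead of the literal used here), and, because the preview release does not support turning encryption off again, take a snapshot or backup of the VM disks before running the extension.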

The solution does not support the following scenarios, features and technology in the public preview release:

  • Basic VMs and Standard DS (Premium Storage) series IaaS VMs
  • IaaS VMs created using the classic deployment model
  • Disabling encryption on an IaaS VM once it has been enabled via Azure Disk Encryption
  • Integration with your on-premises Key Management Service
  • Windows Server Technical Preview 3
  • Red Hat Enterprise Linux
  • Azure Files (Azure file shares), Network File System (NFS), dynamic volumes, and software-based RAID systems