One of the recommendations from Azure Security Center is to enable disk encryption on your virtual machines. This is achieved using Azure Disk Encryption.
In this lab, you’ll encrypt one of the Contoso virtual machines – the instructions on how to do this are listed in the following documentation page:
Rather than listing out all steps in this lab guide, please follow the steps on the documentation page to encrypt VM1 in the ‘Contoso-IaaS’ resource group. Note that during the running of the prerequisites script, you’ll need to supply some information – you can use the following parameters for this:
- Resource Group: Contoso-IaaS
- Key Vault Name: Use a globally unique name for this resource.
- Location: westus2
- Subscription ID: You can obtain this from the portal by going to ‘All Services’ and then ‘Subscriptions’.
- Azure AD App Name: Contosoade
Note that the Set-AzureRmVMDiskEncryptionExtension command provided in the document may not work correctly – instead use the following command after running the prerequisites script to enable disk encryption:
Set the ‘vmName’ variable:
$vmName = "vm1"
Enable encryption on the VM:
Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $resourceGroupName -VMName $vmName -AadClientID $aadClientID.gu
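Once the encryption command has been submitted, you can confirm that it actually took effect. The following is an added example, not part of the original lab guide or the referenced documentation: it polls Get-AzureRmVmDiskEncryptionStatus until the OS volume reports as encrypted. The 60-minute timeout and 30-second polling interval are assumed values, and a signed-in AzureRM session is required.

```powershell
# Added example: verify Azure Disk Encryption on the lab VM.
# Assumes an authenticated AzureRM session and the lab's resource names.
$resourceGroupName = "Contoso-IaaS"
$vmName            = "vm1"
$deadline          = (Get-Date).AddMinutes(60)   # assumed timeout
$pollSeconds       = 30                          # assumed polling interval

do {
    $status = Get-AzureRmVmDiskEncryptionStatus `
        -ResourceGroupName $resourceGroupName -VMName $vmName

    # Log each poll so a stalled extension is visible in the transcript.
    Write-Host ("{0:HH:mm:ss}  OS: {1}  Data: {2}  {3}" -f (Get-Date),
        $status.OsVolumeEncrypted, $status.DataVolumesEncrypted,
        $status.ProgressMessage)

    $osEncrypted = "$($status.OsVolumeEncrypted)" -eq "Encrypted"
    if (-not $osEncrypted) { Start-Sleep -Seconds $pollSeconds }
} until ($osEncrypted -or (Get-Date) -gt $deadline)

if (-not $osEncrypted) {
    throw "OS volume on '$vmName' is still '$($status.OsVolumeEncrypted)' after the timeout."
}

# Confirm the disk encryption secret lives in the Key Vault created by the
# prerequisites script, not in some other vault.
$key = $status.OsVolumeEncryptionSettings.DiskEncryptionKey
Write-Host "Secret URL : $($key.SecretUrl)"
Write-Host "Key Vault  : $($key.SourceVault.Id)"

# Data volume state is reported for review; whether data disks should be
# encrypted depends on the volume type chosen when enabling encryption.
Write-Host "Data volumes: $($status.DataVolumesEncrypted)"
```

After the script completes, the disk encryption recommendation for VM1 in Azure Security Center should clear on its next assessment.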