Secure Azure Infra – 5: Encrypting Virtual Machines

One of the recommendations from Azure Security Center is to enable disk encryption on your virtual machines. This is achieved using Azure Disk Encryption.

In this lab, you’ll encrypt one of the Contoso virtual machines – the instructions on how to do this are listed in the following documentation page:

https://docs.microsoft.com/en-us/azure/security-center/security-center-disk-encryption

Rather than listing out all steps in this lab guide, please follow the steps on the documentation page to encrypt VM1 in the ‘Contoso-IaaS’ resource group. Note that during the running of the prerequisites script, you’ll need to supply some information – you can use the following parameters for this:

  • Resource Group: Contoso-IaaS
  • Key Vault Name: Use a globally unique name for this resource.
  • Location: westus2
  • Subscription ID: You can obtain this from the portal by going to ‘All Services’ and then ‘Subscriptions’.
  • Azure AD App Name: Contosoade

Note that the Set-AzureRmVMDiskEncryptionExtension command provided in the document may not work correctly – instead use the following command after running the prerequisites script to enable disk encryption:

Set the ‘vmName’ variable:

$vmName = "vm1"

Enable encryption on the VM:

Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $resourceGroupName -VMName $vmName -AadClientID $aadClientID.gu
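
Once the encryption command has completed, the result can be confirmed from the same PowerShell session. The script below is an added example, not part of the original lab guide: it checks that the Key Vault is enabled for disk encryption and reports the encryption status of every VM in the resource group. It assumes the AzureRM module and a signed-in session; the Key Vault name is a placeholder for the unique name you chose.

```powershell
# Added verification example (not from the lab guide).
# Assumes: AzureRM module installed and Login-AzureRmAccount already run.
$resourceGroupName = 'Contoso-IaaS'
$keyVaultName      = '<your-key-vault-name>'   # placeholder: the unique name you chose

# Azure Disk Encryption can only use a vault that is enabled for disk encryption.
$vault = Get-AzureRmKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceGroupName
if (-not $vault) {
    throw "Key vault '$keyVaultName' was not found in '$resourceGroupName'."
}
if (-not $vault.EnabledForDiskEncryption) {
    Write-Warning "Key vault '$keyVaultName' is not enabled for disk encryption."
}

# Collect the encryption status of each VM in the resource group.
$report = foreach ($vm in Get-AzureRmVM -ResourceGroupName $resourceGroupName) {
    $status = Get-AzureRmVmDiskEncryptionStatus -ResourceGroupName $resourceGroupName -VMName $vm.Name
    [pscustomobject]@{
        VMName      = $vm.Name
        OsVolume    = $status.OsVolumeEncrypted
        DataVolumes = $status.DataVolumesEncrypted
        Progress    = $status.ProgressMessage
    }
}
$report | Format-Table -AutoSize

# Flag any VM whose OS volume is not yet reported as encrypted.
$pending = $report | Where-Object { "$($_.OsVolume)" -ne 'Encrypted' }
if ($pending) {
    Write-Warning ("OS volume not encrypted on: " + ($pending.VMName -join ', '))
}
```

Encryption can take some time to finish, so a VM that has just been processed may still appear in the warning until a later run.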

About engsoon

Eng Soon is a 4-time Microsoft MVP and has nearly 5 years of experience building enterprise systems in the cloud. He is also a Certified Microsoft Azure. Eng Soon also has strong technical and analytical skills. As a developer, besides development tasks, he is also involved in Project Management, Consulting, and Marketing. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive. He has also taken part as a speaker in many nationwide technical events, such as conferences, meetups and workshops. He is currently looking for opportunities in Cyber Security, which includes Cloud Security and Application Security.
