Disk Encryption - Can we add/enable bitlocker for all datadisks attached to VMs

Girish Prajwal 706 Reputation points
2020-07-16T10:55:01.41+00:00

Hi Team,

I would like to enable BitLocker for all data disks, including the OS disk. Is it possible to enable BitLocker and store the keys in Azure Key Vault?


Accepted answer
  1. Sumarigo-MSFT 42,681 Reputation points Microsoft Employee
    2020-07-16T11:30:44.393+00:00

    @v-girip Azure Disk Encryption uses Azure Key Vault to control and manage disk encryption keys and secrets. For more information about key vaults, see Get started with Azure Key Vault and Secure your key vault.

    Configure Azure Key Vault – Ensure that the key vault to which keys and secrets need to be restored is already present. Refer to the article Get Started with Azure Key Vault for details about key vault management.

    BitLocker is an industry-recognized Windows volume encryption technology that's used to enable disk encryption on Windows VMs.

    Azure Disk Encryption for Windows VMs uses the BitLocker feature of Windows to provide full disk encryption of the OS disk and data disks. Additionally, it provides encryption of the temporary disk when the VolumeType parameter is All. The content flows encrypted from the VM to the Storage backend, thereby providing end-to-end encryption with a customer-managed key.

    Azure Disk Encryption selects the encryption method in BitLocker based on the version

    Currently Generation 2 VMs do not support Azure Disk Encryption. See Support for Generation 2 VMs on Azure for details.

    See Supported VMs and operating systems.
    Hope this helps!


    Please don't forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.


1 additional answer

  1. T. Kujala 8,686 Reputation points
    2020-07-16T11:09:19.357+00:00

    Hi @v-girip,

    You can use Azure Disk Encryption for OS and data disks. It uses the BitLocker feature of Windows. It is integrated with Azure Key Vault.

    https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview

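Both answers describe the same setup: Azure Disk Encryption applies BitLocker to the OS and data disks and keeps the secrets in Key Vault. The following Az PowerShell script is an added example, not code from either answer; it enables encryption with VolumeType All on every Windows VM in a resource group and then reports each VM's encryption status. The resource group, vault, region and key names (rg-ade-demo, kv-ade-demo, eastus, ade-kek) are placeholders.

```powershell
# Added example (not from the answers above). Requires Az.KeyVault and Az.Compute.
# Placeholder names; replace with your own.
$rg        = 'rg-ade-demo'
$vaultName = 'kv-ade-demo'
$location  = 'eastus'

# 1. Key vault in the same region and subscription as the VMs. Purge protection
#    keeps the keys recoverable: without them the encrypted disks are unreadable.
$kv = Get-AzKeyVault -VaultName $vaultName -ResourceGroupName $rg -ErrorAction SilentlyContinue
if (-not $kv) {
    $kv = New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rg `
              -Location $location -EnablePurgeProtection
}
# The Azure platform must be allowed to read the BitLocker secrets it stores here.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ResourceGroupName $rg -EnabledForDiskEncryption

# 2. Optional key encryption key (KEK) that wraps each VM's BitLocker secret.
$kek = Get-AzKeyVaultKey -VaultName $vaultName -Name 'ade-kek'
if (-not $kek) {
    $kek = Add-AzKeyVaultKey -VaultName $vaultName -Name 'ade-kek' -Destination 'Software'
}

# 3. Encrypt OS, data and temp disks (-VolumeType All) on every Windows VM.
$vms = Get-AzVM -ResourceGroupName $rg |
    Where-Object { $_.StorageProfile.OsDisk.OsType -eq 'Windows' }
foreach ($vm in $vms) {
    Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $vm.Name `
        -DiskEncryptionKeyVaultUrl $kv.VaultUri `
        -DiskEncryptionKeyVaultId  $kv.ResourceId `
        -KeyEncryptionKeyUrl       $kek.Key.Kid `
        -KeyEncryptionKeyVaultId   $kv.ResourceId `
        -VolumeType 'All' -Force
}

# 4. Verify. Any VM whose OS or data volumes are not 'Encrypted' needs a look
#    (for example a Generation 2 VM, which ADE did not support when this was asked).
foreach ($vm in $vms) {
    $s = Get-AzVMDiskEncryptionStatus -ResourceGroupName $rg -VMName $vm.Name
    [pscustomobject]@{
        VM          = $vm.Name
        OsVolume    = $s.OsVolumeEncrypted
        DataVolumes = $s.DataVolumesEncrypted
        Message     = $s.ProgressMessage
    }
}
```

Data disks attached after this run are not encrypted automatically; rerun the Set-AzVMDiskEncryptionExtension step for that VM so the new volumes are covered.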