I am trying to encrypt disks in my Azure Linux VM(CentOS 7) with some critical data, how can I do it?

Infra Leads 0 Reputation points
2023-02-01T13:59:00.6833333+00:00



1 answer

  1. SaiKishor-MSFT 17,181 Reputation points
    2023-02-01T23:12:11.42+00:00

    @Infra Leads Thanks for reaching out to Microsoft Q&A. I understand that you want to encrypt disks in your Azure Linux VM (CentOS 7).

    Here are the steps for encrypting an OS drive on a running Linux VM: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-sample-scripts#steps

    Steps

    1. Create a VM by using one of the distributions specified previously. For CentOS 7.2, OS disk encryption is supported via a special image. To use this image, specify "7.2n" as the SKU when you create the VM:

        ```powershell
        Set-AzVMSourceImage -VM $VirtualMachine -PublisherName "OpenLogic" -Offer "CentOS" -Skus "7.2n" -Version "latest"
        ```

    2. Configure the VM according to your needs. If you're going to encrypt all the (OS + data) drives, the data drives need to be specified and mountable from /etc/fstab.
        **Note**
        Use UUID=... to specify data drives in /etc/fstab instead of specifying the block device name (for example, /dev/sdb1). During encryption, the order of drives changes on the VM. If your VM relies on a specific order of block devices, it will fail to mount them after encryption.
    3. Sign out of the SSH sessions.
    4. To encrypt the OS, specify volumeType as **All** or **OS** when you enable encryption.
        **Note**
        All user-space processes that are not running as `systemd` services should be killed with a `SIGKILL`. Reboot the VM. When you enable OS disk encryption on a running VM, plan on VM downtime.
    5. Periodically monitor the progress of encryption by using the instructions in the [next section](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-sample-scripts#monitoring-os-encryption-progress).
    6. After Get-AzVmDiskEncryptionStatus shows "VMRestartPending", restart your VM either by signing in to it or by using the portal, PowerShell, or CLI.

        ```powershell
        C:\> Get-AzVmDiskEncryptionStatus -ResourceGroupName $ResourceGroupName -VMName $VMName -ExtensionName $ExtensionName

        OsVolumeEncrypted          : VMRestartPending
        DataVolumesEncrypted       : NotMounted
        OsVolumeEncryptionSettings : Microsoft.Azure.Management.Compute.Models.DiskEncryptionSettings
        ProgressMessage            : OS disk successfully encrypted, reboot the VM
        ```

    Before you reboot, we recommend that you save [boot diagnostics](https://azure.microsoft.com/blog/boot-diagnostics-for-virtual-machines-v2/) of the VM.
    

    Does this help with your concern? If not, please do let me know and I will be glad to assist further. Thank you!


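One way to script the enable, monitor and restart sequence the answer describes, as an added example that is not part of the original answer or of Microsoft's sample scripts. The resource group, VM and Key Vault names are placeholders; the script assumes an Az PowerShell session already signed in to the subscription and a Key Vault in the same region as the VM.

```powershell
# Added example (not from the original answer): enable Azure Disk Encryption on a
# running Linux VM, poll until the OS volume reports VMRestartPending, then reboot.
$ResourceGroupName = "rg-centos-ade"       # placeholder
$VMName            = "vm-centos7"          # placeholder
$KeyVaultName      = "kv-ade-placeholder"  # placeholder; same region as the VM

# ADE writes the volume encryption key to Key Vault, so the vault must be
# enabled for disk encryption before the extension is deployed.
Set-AzKeyVaultAccessPolicy -VaultName $KeyVaultName -ResourceGroupName $ResourceGroupName -EnabledForDiskEncryption
$KeyVault = Get-AzKeyVault -VaultName $KeyVaultName -ResourceGroupName $ResourceGroupName

# VolumeType "All" encrypts OS and data disks; use "OS" for the boot disk only.
# Data disks must be listed by UUID in /etc/fstab (see step 2 of the answer).
Set-AzVMDiskEncryptionExtension -ResourceGroupName $ResourceGroupName -VMName $VMName `
    -DiskEncryptionKeyVaultUrl $KeyVault.VaultUri `
    -DiskEncryptionKeyVaultId  $KeyVault.ResourceId `
    -VolumeType "All" -SkipVmBackup -Force

# Poll the extension status (step 5). On a running VM the OS disk reports
# VMRestartPending once in-place encryption has finished; data disks stay
# NotMounted until the reboot in step 6.
do {
    Start-Sleep -Seconds 60
    $status = Get-AzVmDiskEncryptionStatus -ResourceGroupName $ResourceGroupName -VMName $VMName
    $osState = [string]$status.OsVolumeEncrypted
    Write-Host ("{0}  OS: {1}  Data: {2}  {3}" -f (Get-Date -Format s),
        $osState, $status.DataVolumesEncrypted, $status.ProgressMessage)
} while ($osState -notin @("VMRestartPending", "Encrypted"))

if ($osState -eq "VMRestartPending") {
    # Save boot diagnostics before this point so a failed first boot can be inspected.
    Restart-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName
}
```

After the reboot, run Get-AzVmDiskEncryptionStatus once more and confirm that OsVolumeEncrypted and DataVolumesEncrypted both report Encrypted before treating the VM as protected.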