Linux VM's encryption state inconsistent

Question

After initiating ADE for a Linux VM's data disks I experience inconsistent states throughout the Azure portal and also within the CLI:

The Azure portal shows "SSE with PMK" (does not mention ADE).

az vm encryption show shows:

"name": "centos7-test-datadisk",
      "statuses": [
        {
          "code": "EncryptionState/encrypted",
          "displayStatus": "Encryption is enabled on disk",
          "level": "Info",
          "message": null,
          "time": null
        }
      ]
    }
  ],
  "status": [
    {
      "code": "ProvisioningState/succeeded",
      "displayStatus": "Provisioning succeeded",
      "level": "Info",
      "message": "Encryption succeeded for data volumes",
      "time": null
    }
  ],
  "substatus": [
    {
      "code": "ComponentStatus/Microsoft.Azure.Security.AzureDiskEncryptionForLinux/succeeded",
      "displayStatus": "Provisioning succeeded",
      "level": "Info",
      "message": "{\"os\": \"NotEncrypted\", \"data\": \"NotEncrypted\"}",
      "time": null
    }
  ]

The data disk itself shows as encrypted, while the the second line before the last shows "data:NotEncrypted".

How to reliably verify if my disks are encrypted?

Answer 1

Hi,

There are a few methods listed over here:

Verify encryption status for Linux
https://learn.microsoft.com/en-us/azure/virtual-machines/linux/how-to-verify-encryption-status

Best regards,
Leon