Issue with Defender Recommendations - Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost.

Kuldeep Singh(OT) 75 Reputation points
2024-06-15T08:00:35.97+00:00

Hi, I have 3 virtual machines in Azure.

I enabled Encryption at Host for all machines one week back.

Now I am seeing that the recommendation "Virtual machines and virtual machine scale sets should have encryption at host enabled" is in healthy state.

But at the same time, the recommendation "Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost" is still in unhealthy state.

It should not be like that.

Is this a glitch from Azure, or do I need to do more? Can someone help me with it?


4 answers

  1. akinbade abiola 17,290 Reputation points
    2024-06-15T08:25:42.9+00:00

    Hello Kuldeep Singh(OT),

    Thanks for your question.

    I recommend the following:

    Verify that Encryption at Host is indeed enabled for all your VMs. You can do this through the Azure portal or Azure CLI. To do this with CLI, see:

    az vm encryption show --name MyVirtualMachine --resource-group MyResourceGroup
    

    If it is confirmed as enabled, give it some time (up to 24 hours) for Azure to refresh its recommendation status.

    See: https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview

    Regards,

    You can mark it 'Accept Answer' if this helped you


  2. kobulloc-MSFT 26,336 Reputation points Microsoft Employee
    2024-06-24T18:39:25.28+00:00

    Hello, @Kuldeep Singh(OT) !

    Why am I getting a Defender recommendation for EncryptionAtHost when it is already enabled?

    This appears to be unintended behavior and we would like to look at your resources to further investigate the issue. Please email the following to AzCommunity@microsoft.com and we'll get back to you promptly:

    • Subject: "Attn: kobulloc - Defender EncryptionAtHost recommendation"
    • Email body: Your Subscription ID
    • Email body: A link to this thread so we can validate and expedite the request

    If you don't receive a response within 24 hours, please reply to the thread so we can investigate.

    Issue summary:

    • Encryption at Host has been enabled for all VMs.
    • You have verified that Encryption at Host is enabled via az vm encryption show on your Linux VMs.
    • Defender shows a healthy state for Encryption at Host on your Linux VMs.
    • Defender shows an unhealthy state for Encryption at Host or enable Azure Disk Encryption for your Linux VMs.

    I hope this has been helpful! Your feedback is important so please take a moment to accept answers.

    If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!



  3. Kuldeep Singh 0 Reputation points
    2024-10-01T05:35:54.44+00:00

    Closing comment on Issue with Defender Recommendations - Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost.

    This recommendation will not be resolved until you use the Guest Configuration extension and a managed identity, as it requires two prerequisites: a system identity and the AzurePolicy extension to be present on the Azure VM.

    Thanks

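The two answers above point at different things: answer 1 verifies the encryption setting itself, while answer 3 states that this particular recommendation is evaluated through the Guest Configuration extension and therefore also needs a system-assigned managed identity and that extension on the VM. The script below is an added example (not code from the thread or from Microsoft) that evaluates all three conditions offline against the JSON that `az vm show --output json` returns. It assumes the usual property names in that output: `securityProfile.encryptionAtHost` for Encryption at Host, `identity.type` for the managed identity, and the extension list under `resources` with publisher `Microsoft.GuestConfiguration` and type `ConfigurationforLinux` (the `typePropertiesType` key is what recent CLI versions emit; older output uses `type`, so both are read). Note that `az vm encryption show`, the command in answer 1, reports Azure Disk Encryption (the in-guest extension) rather than Encryption at Host; the host setting is the `securityProfile.encryptionAtHost` flag checked here. The two VM documents embedded in the script are constructed for the example.

```python
"""Check the prerequisites behind the Defender recommendation
"Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost"
using the JSON from `az vm show -n <vm> -g <rg> -o json`.

Added example; property names and the sample documents are assumptions
described in the lead-in, not an official Microsoft check.
"""
import json
import sys

GC_PUBLISHER = "Microsoft.GuestConfiguration"
GC_TYPES = {"ConfigurationforLinux", "ConfigurationforWindows"}


def has_encryption_at_host(vm):
    """True when the VM-level Encryption at Host flag is set."""
    return bool((vm.get("securityProfile") or {}).get("encryptionAtHost"))


def has_system_identity(vm):
    """identity.type is 'SystemAssigned' or 'SystemAssigned, UserAssigned'."""
    identity_type = (vm.get("identity") or {}).get("type") or ""
    return "SystemAssigned" in identity_type


def guest_config_extension(vm):
    """Return the Guest Configuration extension object, or None if absent."""
    for ext in vm.get("resources") or []:
        # Key name differs between CLI versions (assumption); accept either.
        ext_type = ext.get("typePropertiesType") or ext.get("type")
        if ext.get("publisher") == GC_PUBLISHER and ext_type in GC_TYPES:
            return ext
    return None


def check_vm(vm):
    """Map each prerequisite to True/False for one VM document."""
    ext = guest_config_extension(vm)
    return {
        "encryptionAtHost": has_encryption_at_host(vm),
        "systemAssignedIdentity": has_system_identity(vm),
        "guestConfigExtension": ext is not None
        and ext.get("provisioningState") == "Succeeded",
    }


def missing_prerequisites(vm):
    """Names of the prerequisites that are not met, in check order."""
    return [name for name, ok in check_vm(vm).items() if not ok]


# Constructed sample: everything in place, recommendation can evaluate healthy.
VM_OK = json.loads("""{
  "name": "vm-ok",
  "securityProfile": {"encryptionAtHost": true},
  "identity": {"type": "SystemAssigned"},
  "resources": [
    {"name": "AzurePolicyforLinux",
     "publisher": "Microsoft.GuestConfiguration",
     "typePropertiesType": "ConfigurationforLinux",
     "provisioningState": "Succeeded"}
  ]
}""")

# Constructed sample matching the thread: Encryption at Host on, but no
# managed identity and no Guest Configuration extension.
VM_PARTIAL = json.loads("""{
  "name": "vm-partial",
  "securityProfile": {"encryptionAtHost": true},
  "identity": null,
  "resources": []
}""")


def main():
    if not sys.stdin.isatty():
        vms = [json.load(sys.stdin)]  # pipe `az vm show ... -o json` in
    else:
        vms = [VM_OK, VM_PARTIAL]
    for vm in vms:
        missing = missing_prerequisites(vm)
        state = "all prerequisites met" if not missing else "missing: " + ", ".join(missing)
        print(f"{vm.get('name')}: {state}")


if __name__ == "__main__":
    main()
```

With real data, run it as `az vm show -n myvm -g myrg -o json | python3 check_vm.py`. A VM that reports only `encryptionAtHost` as met is the situation described in this thread: the encryption setting is correct, but the Guest Configuration policy that backs the recommendation has nothing to report against until the identity and extension are present.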

  4. David Webb 0 Reputation points
    2024-10-14T12:35:46.24+00:00

    I too have this issue (in fact, I am seeing lots of similar issues with Advisor telling me to fix things I fixed over a week ago). The VMs have the Guest Configuration Extension installed, they have a Managed Identity, and I have enabled Encryption At Host, yet over a week after doing this they still show as unhealthy in Advisor.

