Azure disk encryption

Question

I have a VM with 4 disk encrypted with SSE with PMK & ADE. I added two additional disk to increase the storage pool when I follow instruction -

$KVRGname = 'MyKeyVaultResourceGroup';
$VMRGName = 'MyVirtualMachineResourceGroup';
$vmName = 'MySecureVM';
$KeyVaultName = 'MySecureVault';
$KeyVault = Get-AzKeyVault -VaultName $KeyVaultName -ResourceGroupName $KVRGname;
$diskEncryptionKeyVaultUrl = $KeyVault.VaultUri;
$KeyVaultResourceId = $KeyVault.ResourceId;

Set-AzVMDiskEncryptionExtension -ResourceGroupName $VMRGname -VMName $vmName -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId;

From https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-windows#enable-encryption-on-a-newly-added-data-disk. The virtual machine did not reboot on its own. I tried running from powershell ISE and native shell in Azure. I rebooted the machine and two disk still shows only SSE with PMK.

My KeyVault has two encryption not sure which one was used by consultant when it was initially set thus unable apply above changes from portal GUI interface

Answer 1

@prasantc
From the script that you posted it looks like you're missing the 'Sequence version' variable, which is needed when trying to encrypt a newly added data disk. Additionally, can you please make sure that your data disks are initialized and formatted in NTFS prior to re-running the encryption script.

If you're still having issues please let me know.
Thank you for your time and patience throughout this issue.