Need help to create DINE policy for Azure Disk Encryption for Windows and Linux servers

Ankita Rani Patro 176 Reputation points
2022-11-22T20:48:38.89+00:00

I am trying to create a DINE policy for Azure VM disk encryption. Need help if anyone has worked on this policy.

Azure Policy

1 answer

  1. AnuragSingh-MSFT 21,246 Reputation points
    2022-11-29T15:18:08.637+00:00

    @Ankita Rani Patro, thank you for posting your question here. Can you please elaborate on the ask, with the following information:

    1. Do you have a policy created which is not working? If yes, please share the policy definition and the issue you are facing.

    2. Azure Disk Encryption requires a number of prerequisites to be met, as mentioned here. One of the requirements is to have the key vault in the same region and subscription as that of the VMs. This might come in the way of assigning the policy once it is created. For example, if a resource group has VMs from 2 different regions, the policy will have to be assigned twice with key vault details from those regions (as a parameter, perhaps).

    3. You may refer to the ARM template below, for references related to encrypting VMs
    https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute

    4. Please share the exact error/ask so that it can be reviewed and addressed.

    You may also consider using the "Audit" type in this case instead of "DINE", so that non-compliant resources are reported and mitigated later. A number of similar samples are available as in-built policies in the portal.

    Please let me know if you have any questions.
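
Added example (not part of the answer above and not Microsoft's code): a planning check for the same-region, same-subscription key vault requirement, which groups VMs by subscription and region to show how many policy assignments are needed and which VMs have no usable vault. The inventory, resource names and field names are constructed; `enabled_for_disk_encryption` is an assumed field standing in for the vault's "enabled for disk encryption" setting.

```python
from collections import defaultdict

# Constructed inventory; names, IDs and field names are illustrative only.
VMS = [
    {"name": "vm-win-01", "subscription": "sub-a", "location": "eastus"},
    {"name": "vm-lin-01", "subscription": "sub-a", "location": "westeurope"},
    {"name": "vm-lin-02", "subscription": "sub-a", "location": "EastUS"},
    {"name": "vm-win-02", "subscription": "sub-b", "location": "eastus"},
]
KEY_VAULTS = [
    {"name": "kv-eus", "subscription": "sub-a", "location": "eastus",
     "enabled_for_disk_encryption": True},
    {"name": "kv-weu", "subscription": "sub-a", "location": "westeurope",
     "enabled_for_disk_encryption": False},
]


def scope_of(resource):
    """Key vault and VM must share subscription and region."""
    return (resource["subscription"], resource["location"].lower())


def plan_assignments(vms, vaults):
    """Return (plan, blocked): one assignment per scope with a usable vault,
    and the scopes whose VMs have no co-located vault to encrypt against."""
    usable = {}
    for kv in vaults:
        if kv["enabled_for_disk_encryption"]:
            usable.setdefault(scope_of(kv), kv["name"])
    groups = defaultdict(list)
    for vm in vms:
        groups[scope_of(vm)].append(vm["name"])
    plan, blocked = [], []
    for scope, names in sorted(groups.items()):
        entry = {"subscription": scope[0], "location": scope[1], "vms": sorted(names)}
        if scope in usable:
            plan.append({**entry, "key_vault": usable[scope]})
        else:
            blocked.append(entry)
    return plan, blocked


if __name__ == "__main__":
    plan, blocked = plan_assignments(VMS, KEY_VAULTS)
    for p in plan:
        print("assign", p["subscription"], p["location"], "->", p["key_vault"], p["vms"])
    for b in blocked:
        print("no usable key vault:", b["subscription"], b["location"], b["vms"])
```

Each entry in `plan` corresponds to one policy assignment with that scope's key vault passed as a parameter; each entry in `blocked` is a scope where a DINE remediation would have no valid vault to target.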