Share via

need help to create DINE policy for Azure disk encryption for window and linux server

Ankita Rani Patro 181 Reputation points
2022-11-22T20:48:38.89+00:00

I am trying to create a DINE policy for azure vm disk encryption. Need help if anyone have worked on this policy

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
1,012 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. AnuragSingh-MSFT 21,546 Reputation points Moderator
    2022-11-29T15:18:08.637+00:00

    @Ankita Rani Patro , thank you for posting your question here. Can you please elaborate the ask, with the following information

    1. Do you have a policy created which is not working? If yes, please share the policy definition and the issue you are facing.

    2. Azure Disk Encryption requires a number of pre-requisites to be met as mentioned here. One of the requirements is to have the key vault in the same region and subscription as that of the VMs. This might come in way of assigning the policy once it is created. For example, if a resource group has VMs from 2 different regions, the policy will have to be assigned twice with keyvault details from those region (as a parameter, perhaps).

    3. You may refer to the ARM template below, for references related to encrypting VMs
    https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute

    4. Please share exact error/ask so that it can be reviewed and addressed.

    You may also consider using the "Audit" type in this case instead of "DINE", so that non-compliant resources are reported and mitigated later. A number of similar samples are available as in-built policy in portal.
    265295-image.png

    Please let me know if you have any questions.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.