Azure Resource Graph Explorer - How to query Disk Encryption for OS Disks and Data Disks

Question

Azure Resource Graph Explorer - How to query Disk Encryption for OS Disks and Data Disks

Parm Dhesi 25

I am fairly new to querying Azure Resources using the Resource Graph Explorer. I have been able to use sample queries to looks up properties of my VMs, Storage, Subscriptions, etc. and display in unique order. It's pretty powerful stuff.

Unfortunately I'm having troubles querying the field called "Encryption" to display all the unique values that can reside in this attribute. I want to run a query for all my subscriptions/all VMs/all disks that may or may not have an encryption value for all disks.

I have search the Category "Disks" and I can't find it. I have even searched by Table and still no luck.

Any help is appreciated.

Thanks

Parm

Capture

Monalla-MSFT 13,071 Reputation points Moderator

2023-01-23T16:29:33.3366667+00:00

@Parm Dhesi -

We noticed your feedback that the above answer was not helpful. Thank you for taking time to share your feedback. Kindly let us know what we could have done better to improve the answer and make your engagement experience good. We are here to help you and strive to make your experience better and greatly value your feedback. Looking forward to your reply. Much appreciate your feedback.

2 answers

Your answer

Monalla-MSFT 13,071 Reputation points Moderator

2023-01-23T16:29:33.3366667+00:00

@Parm Dhesi -

We noticed your feedback that the above answer was not helpful. Thank you for taking time to share your feedback. Kindly let us know what we could have done better to improve the answer and make your engagement experience good. We are here to help you and strive to make your experience better and greatly value your feedback. Looking forward to your reply. Much appreciate your feedback.

Answer 1

Luke Murray 11,436 MVP Volunteer Moderator

Using the Azure Resource Graph Explorer (Using the Azure Resource Graph Explorer (https://azure.microsoft.com/en-us/get-started/azure-portal/resource-graph/#overview), I created the following KQL query:), I created the following KQL query:

Resources
| where type == "microsoft.compute/disks"
| project diskName=name, diskSizeGB=properties.diskSizeGB, diskSKU=sku.name, encryptionType=properties.encryption.type, diskState=properties.diskState

User's image

The encryption data for my environment only contained the following, as its Platform managed: User's image

Parm Dhesi 25 Reputation points

2023-01-11T17:02:06.9733333+00:00

Luke - I appreciate the quick reply. I too got the value "EncryptionAtRestWithPlatformKey" for all my disks as well after I ran your code. Yet in the screen capture I initially sent I see value of "SSE with PMK". I should see that value in in my result but I don't. mmmmmmm...

Thanks for you help. Looks like I need to investigate something further.

Answer 2

Monalla-MSFT 13,071 Moderator

@Parm Dhesi - Welcome to Microsoft Q&A and thanks for reaching out to us.

Do you have VMs with encryption deployed with customer managed keys?

if you used platform host encryption that is the only value that you will see. In ARG the only value will be EncryptionAtRestWithPlatformKey which means SSE with PMK, if you use customer managed keys, I suspect the value should be different.

Hope this helps. and please feel free to reach out if you have any further questions.

If the above response was helpful, please feel free to "Accept as Answer" and "Upvote" the same so it can be beneficial to the community.

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Parm Dhesi 25 Reputation points

2023-01-23T21:25:27.7866667+00:00

Hello @Monalla-MSFT - I don't have have customer managed keys but I have a valued called "SSE with PMK & ADE" under the OS disk item. See the attached pic. How do I query for those values?
Monalla-MSFT 13,071 Reputation points Moderator

2023-02-02T19:23:59.2566667+00:00
@Parm Dhesi -Looks like we need to troubleshoot this further, we would like to put you in touch with a support engineer so you can receive 1:1 support for a deeper investigation on this.

We would need you to send us an email at AzCommunity@Microsoft.com by providing below details.

Subject : ATTN:Monika

Subscription ID

A link to this thread.

Please email us these details and we will work with you closely to get this issue taken care of and also post any findings here in the thread so the community can benefit from it.

Thanks in advance. Looking forward for your email.
Parm Dhesi 25 Reputation points

2023-02-02T23:34:10.55+00:00

@Monalla-MSFT I have just emailed AzCommunity@Microsoft.com to provide support. Thanks!

Share via

Azure Resource Graph Explorer - How to query Disk Encryption for OS Disks and Data Disks

2 answers

Your answer