Unable to Enable Encryption at host for Azure VM

Tahami Rizwan 20 Reputation points
2023-09-28T10:43:20.4666667+00:00

I'm attempting to enable Encryption at host for a virtual machine (VM) in Azure. I've confirmed that the "Microsoft.Compute" resource provider is registered in my Azure subscription, and when I run the necessary command to verify, it shows as registered. However, when I try to enable encryption at the host level for the VM's disk, I encounter the following error:

Failed to update 'abc-vm'. Error: The property 'securityProfile.encryptionAtHost' is not valid because the 'Microsoft.Compute/EncryptionAtHost' feature is not enabled for this subscription

Any guidance or assistance would be greatly appreciated.

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,158 questions
Azure Disk Encryption
Azure Disk Encryption
An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.
160 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Tushar Kumar 3,226 Reputation points MVP
    2023-09-28T10:59:13.8566667+00:00

    You must enable the feature for your subscription before you can use encryption at host for either your VM or Virtual Machine Scale Set. Use the following steps to enable the feature for your subscription:

    Azure portal: Select the Cloud Shell icon on the Azure portal:.

    portal-launch-icon

    Execute the following command to register the feature for your subscription:

    Register-AzProviderFeature -FeatureName "EncryptionAtHost" -ProviderNamespace "Microsoft.Compute"

    Confirm that the registration state is Registered (registration may take a few minutes) using the following command before trying out the feature.

    Get-AzProviderFeature -FeatureName "EncryptionAtHost" -ProviderNamespace "Microsoft.Compute"

    https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-powershell#prerequisites

    Hopefully this will resolve your issue.

    Please click "Accept as answer" if this helps.

    7 people found this answer helpful.
  2. Prrudram-MSFT 22,381 Reputation points
    2023-10-13T17:19:29.6866667+00:00

    Hi Tahami Rizwan

    Did you check if the feature is enabled for the correct subscription id?
    In case of multiple subscriptions, you need to set the subscription context and then run the following

    az feature register --namespace Microsoft.Compute --name EncryptionAtHost
    https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli#prerequisites

    If you continue to see the same error, I recommend you open an Azure support case and Azure technical support team will be able to further investigate the issue and help with this. If you don't have the ability to open a technical support ticket, please let me know and I can help you further with this.

    1 person found this answer helpful.