Defender recommendation issue

Davit Grigoryan 11 Reputation points
2024-09-11T15:35:44.4766667+00:00

In Defender for cloud, I'm getting Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost recommendations, but in my Azure VM EncryptionAtHost enabled already, I have checked connection between VM and Azure monitor and also checked Heartbeat from azure monitor to agent and receive result from agent and vice versa. Why I'm receiving recommendation If encryption is in place.
User's image

User's image

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,381 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Deepanshukatara-6769 9,430 Reputation points
    2024-09-12T06:45:52.19+00:00

    Hello Davit, Welcome to MS Q&A

    It seems that you have already enabled EncryptionAtHost (HBE) on your Azure VM. However, you are still receiving recommendations to enable Azure Disk Encryption (ADE) or EncryptionAtHost. Let's delve into the possible reasons for this recommendation.

    It's important to note that enabling both ADE and HBE at the same time on a VM is not supported. Additionally, customers should not enable HBE on a VM which previously used ADE at some point. This could be a reason why you are still receiving the recommendation despite having HBE enabled on your VM.

    Another aspect to consider is the compliance requirements for ADE. For Windows VMs, the OS disk and all data disks should be encrypted, with the exception of the 'System Reserved partition' and the "BEK volume" created by ADE extension. For Linux VMs, similar encryption requirements apply, with exemptions for certain disks and file system types not supported by the ADE extension.

    To further troubleshoot this issue, you can check if any disk on the VM is missing ADE encryption. For Windows, you can run the command "manage -bde --status" from an elevated command prompt or PowerShell window. For Linux, you can run the command "lsblk" from an elevated user prompt to verify the encryption status of the disks.

    For further details and specific commands to check the encryption status, you can refer to the Microsoft Defender for Cloud Encryption recommendation troubleshooting guide.

    For more detailed instructions, you can view solution:

    Please let us know if further questions

    Kindly accept answer if it helps

    Thanks

    Deepanshu


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.