This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 56.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
After initiating ADE for a Linux VM's data disks I experience inconsistent states throughout the Azure portal and also within the CLI:
The Azure portal shows "SSE with PMK" (does not mention ADE).
az vm encryption show shows:
"name": "centos7-test-datadisk",
"statuses": [
{
"code": "EncryptionState/encrypted",
"displayStatus": "Encryption is enabled on disk",
"level": "Info",
"message": null,
"time": null
}
]
}
],
"status": [
{
"code": "ProvisioningState/succeeded",
"displayStatus": "Provisioning succeeded",
"level": "Info",
"message": "Encryption succeeded for data volumes",
"time": null
}
],
"substatus": [
{
"code": "ComponentStatus/Microsoft.Azure.Security.AzureDiskEncryptionForLinux/succeeded",
"displayStatus": "Provisioning succeeded",
"level": "Info",
"message": "{\"os\": \"NotEncrypted\", \"data\": \"NotEncrypted\"}",
"time": null
}
]
The data disk itself shows as encrypted, while the the second line before the last shows "data:NotEncrypted".
How to reliably verify if my disks are encrypted?
An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.
Answer accepted by question author
Hi,
There are a few methods listed over here:
Verify encryption status for Linux
https://learn.microsoft.com/en-us/azure/virtual-machines/linux/how-to-verify-encryption-status
Best regards,
Leon
Hi Leon,
thanks for that hint! Didn't know that page. Unfortunately the inconsistency continues:
Get-AzVmDiskEncryptionStatus -ResourceGroup private-lab-test -VMName centos7-test
OsVolumeEncrypted : NotEncrypted
DataVolumesEncrypted : NotEncrypted
OsVolumeEncryptionSettings :
ProgressMessage : Encryption succeeded for data volumes
Anyway, the lsblk command on OS level revealed that the disks are actually not encrypted...
Glad to hear that you've found out the real encryption status.