Share via

How to disable bitlocker from VM

Natan Dutra 1 Reputation point
2020-09-19T14:13:58.183+00:00

I've been unable to unlock my VM disk which is locked by Bitlocker.
I've tried to follow the instructions provided here: https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-bitlocker-boot-error#solution
However, I can't see the BEK from my attached disk (F).

25889-image.png

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
Azure Disk Storage
Azure Disk Storage
A high-performance, durable block storage designed to be used with Azure Virtual Machines and Azure VMware Solution.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sumarigo-MSFT 47,501 Reputation points Microsoft Employee Moderator
    2020-09-21T16:25:25.407+00:00

    @Natan Dutra Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.
    This template disables encryption on a running windows vm: https://azure.microsoft.com/en-in/resources/templates/201-decrypt-running-windows-vm/

    Disables encryption on an IaaS virtual machine:

    Since you are informing you have never enabled azure disk encryption, you may run the below mentioned cmdlets and check the status through PS and Portal

    26108-capture.jpg

    Verify the disks are encrypted: To check on the encryption status of an IaaS VM, use the Get-AzVmDiskEncryptionStatus cmdlet
    Get-AzVmDiskEncryptionStatus -ResourceGroupName 'MyVirtualMachineResourceGroup' -VMName 'MySecureVM'

    Disable disk encryption: To disable the encryption, use the Disable-AzVMDiskEncryption cmdlet. Disabling data disk encryption on Windows VM when both OS and data disks have been encrypted doesn't work as expected. Disable encryption on all disks instead.

    Disable-AzVMDiskEncryption -ResourceGroupName 'MyVirtualMachineResourceGroup' -VMName 'MySecureVM'

    Disable encryption: https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-windows

    Once the data disks are no longer encrypted, you can proceed to perform the clean-up operations to remove the ADE extension from the virtual machine and ADE configuration files from the VM following the instructions below. Remove-AzVMDiskEncryptionExtension. Running Remove-AzVMDiskEncryptionExtension before the encryption is disabled will fail.

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    ---------------------------------------------------------------------------------------------------------------------------------------------------------

    Please don’t forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.