Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,141 questions
1 answer
One of the answers was accepted by the question author.
How to enable key vault permission for disk encryption set using Azure Python SDK API calls?
I am setting up disk encryption using a key vault, but I'm unable to grant permission to the key vault after creating the Disk Encryption Set (DES). The overview section of the DES shows a warning that reads: "To associate a disk, image, or snapshot…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 44%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPJ%3C/text%3E%3C/svg%3E)
1 answer
VM protected with ADE and the key in Key Vault expires - expected outcome?
Hello, We have Azure Disk Encryption enabled on our VMs. The encryption key is stored in an Azure key vault and there is a corporate policy that keys and secrets must have expiry dates. I tested to see what would happen to a VM when the key expired. The…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 74%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Az Powershell to get disk encryption is pmk or cmk
The azure vm disk can be cmk or pmk encrypted. Which azure powershell command let's me find the disk encryption type is pmk or cmk. (Note - i am only bothered about pmk and cmk encryption and not other encryption)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 71%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Is UEFI lock required for Encrypted Azure VM
Hello, We are asked to apply a New Security Control –“ Protective Process Light for LSASS should be enabled with a UEFI lock.” We are using Gen2 Azure Windows Server 2019 and selected 'Standard' as security type when the VMs were created. The OS disk has…
asked 2023-09-15T01:35:00.01+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 50%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Farzana Mustafa
81
Reputation points
accepted 2023-09-18T23:44:02.0133333+00:00
Farzana Mustafa
81
Reputation points
1 answer
Facing error while encrypting a VM os and data disk using ADE
Facing error while encrypting a virtual machine(windows server 2016) disk through ADE. Although have given all the access roles to the key vaults and also enabled the desired permssions in vault access policy and all the resource access for vault but…
asked 2023-08-02T10:43:07.4633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 32%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIS%3C/text%3E%3C/svg%3E)
Ishan Saxena
20
Reputation points
commented 2023-09-05T04:17:59.43+00:00
Sumarigo-MSFT
43,911
Reputation points Microsoft Employee
1 answer
Error creating a azurerm_storage_encryption_scope for a storage account with terraform
Hi all i am working on a terraform script for creating my infra on azure. i am facing some issue. i want to set encryption_scope for my storage container but i don't find any reference for setting for storage container. i found the reference for…
asked 2023-08-09T17:01:58.9766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 10%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Vikrant
20
Reputation points
commented 2023-09-04T13:33:25.0733333+00:00
Sumarigo-MSFT
43,911
Reputation points Microsoft Employee
2 answers
Deleting multiple unattached azure disks in bulk
My question is broken into two sections, related to Azure disks that are unattached/ no owner. 1s question: Besides using the Azure portal to check which disks have no owner associated with them, is there another way I can check or run a script for…
asked 2022-04-05T13:44:40.763+00:00
Razzi29
331
Reputation points
edited the question 2023-08-25T06:12:40.48+00:00
Sumarigo-MSFT
43,911
Reputation points Microsoft Employee
2 answers
Azure Files failing transactions
We have recently configured Azure Files and successfully migrated one of our many department directories. We are experiencing no significant issues and no user complaints to this point. As part of the configuration we enabled Diagnostic Settings…
asked 2022-05-25T17:18:11.403+00:00
Hauck, Michael
1
Reputation point
edited the question 2023-08-25T06:12:39.84+00:00
Sumarigo-MSFT
43,911
Reputation points Microsoft Employee
1 answer
Storage account - Infrastructure level encryption
Hello, I want to create a storage account and enable infrastructure encryption. From MS documentation is states that: "Infrastructure-level encryption **relies on Microsoft-managed keys and always uses a separate key.**"…
asked 2021-12-20T06:40:18.367+00:00
Angela Calborean
71
Reputation points
edited the question 2023-08-25T06:12:39.4+00:00
Sumarigo-MSFT
43,911
Reputation points Microsoft Employee
2 answers
Serviso gratuito 12 meses
Ola, me cadastrei na Microsoft azure a 1 mes aproximado venho utilizando a maquina, no inicio me falava que eu tinha 12 meses de acesso gratuito, mas acabou que recebi uma mensagem falando que acabou meus créditos, oque preciso fazer ?
asked 2021-11-04T03:30:39.78+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 72%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
samuel lacerda
6
Reputation points
edited the question 2023-08-25T06:12:38.9433333+00:00
Sumarigo-MSFT
43,911
Reputation points Microsoft Employee
1 answer
Offline time window when enabling Encryption at Host
Good morning, i have a question regarding enabling Encryption at Host. Currently i have the option to enable it, but the VM must be offline, so i am wondering what is the time that machine has to be offline while this process is executing? What does it…
asked 2023-07-28T14:11:00.3633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 47%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Nermin Pezerovic
0
Reputation points
commented 2023-08-22T13:51:27.8866667+00:00
TP
78,506
Reputation points
2 answers
Azure Disk encryption on Azure virtual desktop
we already enabled ADE on Azure VMs disks based on CloudCheckR tool recommendations. But now, we need suggestions whether we should also enable ADE (Azure Disk Encryptions) on AVD (Azure Virtual Desktops)? Or not required if any justification, since…
asked 2023-07-26T20:06:23.97+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 53%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
M Hemant Kumar
20
Reputation points
commented 2023-08-02T14:57:56.0666667+00:00
Sumarigo-MSFT
43,911
Reputation points Microsoft Employee
1 answer
Do Enabling Customer Managed Keys will have any effect while accessing data using SAS keys?
We are trying to implement customer managed keys in storage accounts. So i do understand that we might have to make few code changes while connecting to Storage account as mentioned in the article…
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,733 questions
Azure Disk Encryption
Azure Disk Encryption
An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.
162 questions
Azure FastTrack
Azure FastTrack
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.FastTrack: This tag is no longer in use. Please use 'Azure Startups' instead.
74 questions
asked 2023-07-21T07:08:39.1766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 28.999999999999996%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESV%3C/text%3E%3C/svg%3E)
Sachin Vettiyattil-FT
41
Reputation points
commented 2023-08-02T14:49:33.7133333+00:00
Sumarigo-MSFT
43,911
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Azure Disk Encryption - Failing due to SSL/TLS secure connection
Hi All, Our Azure Disk Encyrption keeps failing to due to an error saying a secure SSL/TLS connection could not be established, from my troubleshooting it seems it is our proxy that is causing it to fail as once uninstalled it works fine. Does anyone…
asked 2023-07-28T09:13:53.8666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 89%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBW%3C/text%3E%3C/svg%3E)
Ben Woodman
106
Reputation points
accepted 2023-08-01T08:08:42.4266667+00:00
Ben Woodman
106
Reputation points
1 answer
One of the answers was accepted by the question author.
SERVER SIDE ENCRYPTION - PMK TO CMK
We have several linux azure VMs and storage accounts with SSE encryption being Platform managed keys. The existing infra built using terraform. Now we are planning to convert all managed disks and storage accounts to SSE CMK. The question is, Does pmk to…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 76%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
What does "SSE with PMK & ADE" mean?
I understand what Server Side Encryption and Azure Disk Encryption mean and how you can turn them on. I don't understand that when I turn on the ADE (BitLocker) for a (windows) VM's OS disk, the OS disk encryption says "SSE with PMK &…
asked 2022-10-05T04:00:12.477+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 43%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAJ%3C/text%3E%3C/svg%3E)
Anuj Jain
71
Reputation points
commented 2023-07-22T07:38:42.6266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 27%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Aditya Garg
61
Reputation points
1 answer
Azure Policy to remediate/Enforce "Encryption at Host"
Hello Community, I observe the in built Azure Policy here to audit VMs for "encryption at host" setting(end to end encryption using PMK or CMK). "Virtual machines and virtual machine scale sets should have encryption at host…
asked 2023-06-26T16:52:04.5333333+00:00
Aditya Garg
61
Reputation points
answered 2023-07-20T03:58:13.29+00:00
Jesse Loudon
336
Reputation points MVP
1 answer
One of the answers was accepted by the question author.
Can we add "Disk Encryption Set" managed Identity to AD groups
As part of implementing Managed Disks SSE-CMK, we are planning to associate/add "Disk Encryption Set "managed Identity to Azure security AD groups. Is it possible? As per my knowledge I can do this with user managed Identity, but would like to…
3 answers
One of the answers was accepted by the question author.
What RSA Size should i use to enable ADE on Azure VMs?
Hi, When i try to enable ADE on our Azure Virtual Machines they keep failing due to an error: VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "[2.3.0.0] Failed to enable Azure Disk Encryption on the VM with…
asked 2023-07-12T14:27:26.3966667+00:00
Ben Woodman
106
Reputation points
accepted 2023-07-14T07:38:20.2766667+00:00
Ben Woodman
106
Reputation points
1 answer
How to update a generalized disk in Azure VM
I am facing an issue where I am unable to upgrade the disk size of my generalized VM through the Azure portal. The portal does not show me the update option under the disk section. I have tried using az-cli, but I am encountering permission issues and…
asked 2023-07-04T07:47:07.93+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 32%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
devidinesh7890@gmail.com
0
Reputation points
commented 2023-07-14T05:56:31.98+00:00
Prrudram-MSFT
22,486
Reputation points