Enable volume encryption, deduplication, and compression in Azure Stack HCI

Applies to: Azure Stack HCI, versions 21H2 and 20H2; Windows Server 2022, Windows Server 2019

This topic covers how to enable encryption with BitLocker on volumes in Azure Stack HCI using Windows Admin Center. It also covers how to enable deduplication and compression on volumes. To learn how to create volumes, see Create volumes.

Turn on BitLocker to protect volumes

To turn on BitLocker in Windows Admin Center:

  1. Connect to a Storage Spaces Direct cluster, and then on the Tools pane, select Volumes.


    To use a new feature that provides an additional locally held BitLocker key and not rely on Active Directory, you must use Windows PowerShell. The new feature is only available in Windows Server 2022 and Azure Stack HCI, version 21H2. For more information, see Use BitLocker with Cluster Shared Volumes (CSV).

  2. On the Volumes page, select the Inventory tab, and then under Optional features, switch on the Encryption (BitLocker) toggle.

    The toggle switch to enable BitLocker

  3. On the Encryption (BitLocker) pop-up, select Start, and then on the Turn on Encryption page, provide your credentials to complete the workflow.

    If the Install BitLocker feature first pop-up displays, follow its instructions to install the feature on each server in the cluster, and then restart your servers.

Turn on deduplication and compression

Deduplication and compression are managed per volume. Deduplication and compression use a post-processing model, which means that you won't see savings until it runs. When it does, it will work over all files, even files that were there from before.

To turn on deduplication and compression on a volume in Windows Admin Center:

  1. Connect to a Storage Spaces Direct cluster, and then on the Tools pane, select Volumes.

  2. On the Volumes page, select the Inventory tab.

  3. In the list of volumes, select the name of the volume that you want to manage.

  4. On the volume details page, switch on the Deduplication and compression toggle.

  5. On the Enable deduplication pane, select the deduplication mode.

    Instead of complicated settings, Windows Admin Center lets you choose between ready-made profiles for different workloads. If you're not sure, use the default setting.

  6. Select Enable deduplication.

Watch a quick video on how to turn on deduplication and compression. The video doesn't show encryption.

Enabling volume encryption has a small impact on volume performance—typically under 10%, but the impact varies depending on your hardware and workloads. Data deduplication and compression also has an impact on performance—for details, see Determine which workloads are candidates for Data Deduplication.

You're done! Repeat as needed to protect the data in your volumes.

Next steps

For related topics and other storage management tasks, see also: