Quickpost: Encrypting Azure Virtual Machine using BitLocker
Here are the steps required to encrypt the disk of an Azure virtual machine. This is a very high-level overview of the process, and I recommend reading the full guide: /en-us/azure/security-center/security-center-disk-encryption#run-the-azure-disk-encryption-prerequisites-powershell-command
- Open the Azure portal, navigate to the virtual machine (Windows 2008 R2 and above) you want to encrypt, and then select Disks.
- As we can see, the disk is not encrypted:
- Open PowerShell ISE and log in to your Azure account by typing the following command:
  Login-AzureRmAccount
- Copy all the text from the following link to PowerShell ISE and execute it: https://raw.githubusercontent.com/Azure/azure-powershell/master/src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/Scripts/AzureDiskEncryptionPreRequisiteSetup.ps1
- The script will ask you to provide a few parameters:
resourceGroupName: motiCorpKv
keyVaultName: kvMoti
location: North Europe
subscriptionId: 482e8a7b-5d8a-406c-9e9c-e64fc28f2a39
aadAppName: motiAad
- After providing all the parameters, you'll see a warning about the operation.
- After the process is completed, the disk is encrypted, as we can see in the portal.
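
The steps above as a single PowerShell run, added here as an example and not taken from the original post or the Azure project: it saves the prerequisite script to a file, refuses to run it unless its SHA-256 matches a copy you have already reviewed, and then checks the encryption state with Get-AzureRmVmDiskEncryptionStatus. The hash, VM name and VM resource group are placeholders, and passing the five values as named parameters assumes the script declares them under the names it prompts for.

```powershell
# Added example, not from the original post. Values in <...> are placeholders to fill in.
$ErrorActionPreference = 'Stop'

$scriptUrl  = 'https://raw.githubusercontent.com/Azure/azure-powershell/master/src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/Scripts/AzureDiskEncryptionPreRequisiteSetup.ps1'
$scriptPath = Join-Path $env:TEMP 'AzureDiskEncryptionPreRequisiteSetup.ps1'
$reviewedSha256 = '<SHA256-OF-THE-COPY-YOU-REVIEWED>'   # placeholder: record it after reading the script once

# 1. Save the script to disk instead of pasting it, so the bytes that run are the bytes that were hashed.
Invoke-WebRequest -Uri $scriptUrl -OutFile $scriptPath -UseBasicParsing
$actualSha256 = (Get-FileHash -Path $scriptPath -Algorithm SHA256).Hash

# 2. 'master' is a moving branch: stop if the file differs from the reviewed copy.
if ($actualSha256 -ne $reviewedSha256) {
    throw "Prerequisite script hash $actualSha256 does not match the reviewed copy; review it again before running."
}

# 3. Log in and run the script with the values used in the post.
Login-AzureRmAccount | Out-Null
& $scriptPath -resourceGroupName 'motiCorpKv' `
              -keyVaultName      'kvMoti' `
              -location          'North Europe' `
              -subscriptionId    '482e8a7b-5d8a-406c-9e9c-e64fc28f2a39' `
              -aadAppName        'motiAad'

# 4. Confirm the result from PowerShell as well as from the portal's Disks view.
$vmResourceGroup = '<VM-RESOURCE-GROUP>'   # placeholder: resource group of the VM
$vmName          = '<VM-NAME>'             # placeholder: name of the VM
$status = Get-AzureRmVmDiskEncryptionStatus -ResourceGroupName $vmResourceGroup -VMName $vmName
$status | Format-List OsVolumeEncrypted, DataVolumesEncrypted, ProgressMessage

if ($status.OsVolumeEncrypted -ne 'Encrypted') {
    Write-Warning "OS volume of $vmName reports '$($status.OsVolumeEncrypted)', not 'Encrypted'."
}
```
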
That's all