Enabling Azure Disk Encryption

When you activate encryption at the host level, data residing on the VM host becomes encrypted while at rest, and it is transmitted in an encrypted form to the Azure Storage service. For a more in-depth understanding of encryption at the host, as well as other managed disk encryption methods, please refer to Encryption at host - End-to-end encryption for your VM data in Azure documentation.

note

Disk encryption can be enabled using the Azure CLI or Azure PowerShell only.

Prerequisite

Azure CLI

Setup Steps

After setting your Subscription ID, use Azure CLI to run the following command:

az feature register --name EncryptionAtHost  --namespace Microsoft.Compute

Confirming Registration

To use Azure CLI for confirming whether encryption at host has been enabled, run the following command:

az feature show --name EncryptionAtHost --namespace Microsoft.Compute

Registration may take a few minutes after the initial registration attempt.

Prerequisite​

Setup Steps​

Confirming Registration​

Prerequisite

Setup Steps

Confirming Registration