Project Work Hours
Sat & Sun 6am - 9am
Subscribe via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

This article covers setting up Azure Disk Encryption (BitLocker) for an Azure Virtual Machine (VM) using Azure Key Vault. The article includes a video demonstration going over the entire process using only graphical user interface and testing the encryption process on a Windows Virtual Machine (VM).

Disk Encryption BitLocker

 

Video:

Steps in the above video covers;

  • Created Azure Active Directory App
  • Created Key for App
  • Created Azure Key Vault
  • Added permission for the Azure Active Directory App to the Key Vault
  • Created Azure Key Vault Encryption Key (KEK)
  • Uploaded my encryption certificate to the Azure Key Vault Secret, this certificate was generated earlier off screen
    • PowerShell commands used to create self-signed certificate
      $Cert = New-SelfSignedCertificate -Subject "CN=Disk Encryption Cert" -CertStoreLocation "cert:\LocalMachine\My" -FriendlyName "<RG> - Disk Encryption Cert" -NotAfter (Get-Date).AddMonths(60) -KeyAlgorithm RSA -KeyLength 2048 -Type Custom
      Export-PfxCertificate -Cert $cert -Password (ConvertTo-SecureString "EncryptDisk101" -AsPlainText -Force) -FilePath .\<RG>_Diskencrypt.pfx -Force
  • Used quick start template to enable disk encryption for a running Virtual Machine (VM)
    https://github.com/Azure/azure-quickstart-templates/tree/master/201-encrypt-running-windows-vm

Microsoft Azure article covering referencing steps in video

https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption

Disk Encryption Series

http://hazelnest.com/blog/blog/tag/disk-encryption