
This article covers setting up Azure Disk Encryption (BitLocker) for an Azure Virtual Machine (VM) using Azure Key Vault. It includes a video demonstration that goes through the entire process using only the graphical user interface and tests the encryption process on a Windows Virtual Machine (VM).

Disk Encryption BitLocker



The steps covered in the above video:

  • Created Azure Active Directory App
  • Created Key for App
  • Created Azure Key Vault
  • Added permission for the Azure Active Directory App to the Key Vault
  • Created Azure Key Vault Encryption Key (KEK)
  • Uploaded my encryption certificate to Azure Key Vault as a secret; this certificate was generated earlier, off screen
    • PowerShell commands used to create the self-signed certificate:
      # Create a self-signed RSA 2048 certificate in the local machine store, valid for 60 months
      $Cert = New-SelfSignedCertificate -Subject "CN=Disk Encryption Cert" -CertStoreLocation "cert:\LocalMachine\My" -FriendlyName "<RG> - Disk Encryption Cert" -NotAfter (Get-Date).AddMonths(60) -KeyAlgorithm RSA -KeyLength 2048 -Type Custom
      # Export the certificate and its private key to a password-protected PFX file
      Export-PfxCertificate -Cert $Cert -Password (ConvertTo-SecureString "EncryptDisk101" -AsPlainText -Force) -FilePath ".\<RG>_Diskencrypt.pfx" -Force
  • Used a quick start template to enable disk encryption for a running Virtual Machine (VM)
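
A scripted equivalent of the Key Vault steps above, as an added example that is not from the original article or video. It assumes the Az PowerShell module with a signed-in session, an existing vault that uses access policies, and the app's key (client secret) for authentication; every name in angle brackets, the key name and the secret name are placeholders. The PFX is wrapped in JSON and base64-encoded before upload, following the format in Microsoft's documentation for the Azure AD-based release of Azure Disk Encryption.

```powershell
# Placeholders (assumptions): substitute your own resource names.
$rg        = '<RG>'
$vaultName = '<KeyVaultName>'
$vmName    = '<VMName>'
$aadAppId  = '<AAD-App-Client-ID>'
$pfxPath   = ".\<RG>_Diskencrypt.pfx"

# Prompt for secrets at run time instead of embedding them in the script.
$pfxPassword  = Read-Host -AsSecureString -Prompt 'PFX password'
$clientSecret = Read-Host -AsSecureString -Prompt 'AAD app key (client secret)'
$toPlain = { param($s) [System.Net.NetworkCredential]::new('', $s).Password }

# Least privilege for the AAD app: wrap keys and write secrets only.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ResourceGroupName $rg `
    -ServicePrincipalName $aadAppId -PermissionsToKeys WrapKey -PermissionsToSecrets Set
# Allow the Azure platform to read from this vault for disk encryption.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ResourceGroupName $rg -EnabledForDiskEncryption

# Create the key encryption key (KEK) as a software-protected key.
$kek = Add-AzKeyVaultKey -VaultName $vaultName -Name 'DiskEncryptionKEK' -Destination Software

# Wrap the PFX in a JSON envelope, base64-encode it, and store it as a secret.
$pfxBytes = [IO.File]::ReadAllBytes((Resolve-Path $pfxPath).ProviderPath)
$json = [ordered]@{
    data     = [Convert]::ToBase64String($pfxBytes)
    dataType = 'pfx'
    password = (& $toPlain $pfxPassword)
} | ConvertTo-Json
$encoded     = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($json))
$secretValue = ConvertTo-SecureString -String $encoded -AsPlainText -Force
Set-AzKeyVaultSecret -VaultName $vaultName -Name 'DiskEncryptionCert' `
    -SecretValue $secretValue | Out-Null

# Enable encryption on the running VM, wrapping the BitLocker key with the KEK.
$vault = Get-AzKeyVault -VaultName $vaultName -ResourceGroupName $rg
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $vmName `
    -AadClientID $aadAppId -AadClientSecret (& $toPlain $clientSecret) `
    -DiskEncryptionKeyVaultUrl $vault.VaultUri -DiskEncryptionKeyVaultId $vault.ResourceId `
    -KeyEncryptionKeyUrl $kek.Key.Kid -KeyEncryptionKeyVaultId $vault.ResourceId

# Confirm the result: OsVolumeEncrypted / DataVolumesEncrypted should report Encrypted.
Get-AzVmDiskEncryptionStatus -ResourceGroupName $rg -VMName $vmName
```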

Microsoft Azure article covering the steps referenced in the video

Disk Encryption Series