This article covers my custom PowerShell automation scripts used to set up Azure Disk Encryption (BitLocker) for an Azure Virtual Machine (VM) using Azure Key Vault. It includes a video demonstration that walks through the entire process and tests the encryption on a Windows VM.

Disk Encryption BitLocker


Steps covered in the above video:

Running the Initialize-AzureDiskEncryption.ps1 script, which automates the steps below:

  • Create an Azure Active Directory app
  • Create a key for the app
  • Create an Azure Key Vault
  • Add permissions for the Azure Active Directory app to the Key Vault
  • Generate a self-signed encryption certificate
  • Upload the encryption certificate to the Azure Key Vault as a secret
  • Create an Azure Key Vault key encryption key (KEK)
  • Put a delete lock on the Key Vault resource

Running the Add-AzureDiskEncryptionWinVM.ps1 script, which automates the steps below:

  • Add the encryption certificate to the VM's local certificate store
  • Enable disk encryption using the Azure Disk Encryption VM extension
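The two procedures above, carried out end to end as an added example (not the author's scripts), written against the Az PowerShell module (Az.Resources, Az.KeyVault, Az.Compute). Resource names are placeholders, and the resource group and Windows VM are assumed to already exist.

```powershell
# Added example, not the author's scripts: the Initialize and Add steps from
# the post, written against the Az PowerShell module (Az.Resources, Az.KeyVault,
# Az.Compute). All names are placeholders; resource group and VM already exist.
$rg      = 'rg-ade-demo'
$loc     = 'eastus'
$kvName  = 'kv-ade-demo-001'          # Key Vault names must be globally unique
$vmName  = 'vm-ade-demo'
$appName = 'ade-demo-app'

# 1. Self-signed certificate that doubles as the AAD app credential and the
#    certificate installed on the VM. Exported to PFX with a random password.
$cert   = New-SelfSignedCertificate -Subject "CN=$appName" -CertStoreLocation Cert:\CurrentUser\My
$pfxPwd = [guid]::NewGuid().ToString()
$pfxB64 = [Convert]::ToBase64String($cert.Export('Pfx', $pfxPwd))

# 2. Azure AD app + service principal; register the certificate as its credential
#    (the "key for the app"), so no reusable client secret has to be handled.
$app  = New-AzADApplication -DisplayName $appName
$null = New-AzADServicePrincipal -ApplicationId $app.AppId
$null = New-AzADAppCredential -ApplicationId $app.AppId `
            -CertValue ([Convert]::ToBase64String($cert.RawData))

# 3. Key Vault flagged for disk encryption, with a least-privilege access policy:
#    the app only needs to wrap keys and write secrets.
$kv = New-AzKeyVault -VaultName $kvName -ResourceGroupName $rg -Location $loc `
          -EnabledForDiskEncryption
Set-AzKeyVaultAccessPolicy -VaultName $kvName -ServicePrincipalName $app.AppId `
          -PermissionsToKeys wrapKey -PermissionsToSecrets set
# 4. Store the PFX as a secret in the JSON envelope the VM agent expects.
$payload = @{ data = $pfxB64; dataType = 'pfx'; password = $pfxPwd } | ConvertTo-Json
$secret  = Set-AzKeyVaultSecret -VaultName $kvName -Name 'ade-cert' -ContentType 'pfx' `
          -SecretValue (ConvertTo-SecureString -String $payload -AsPlainText -Force)
# 5. Key encryption key (KEK) that wraps each disk's BitLocker key (BEK).
$kek = Add-AzKeyVaultKey -VaultName $kvName -Name 'ade-kek' -Destination Software
# 6. Delete lock: deleting this vault would destroy the keys for every encrypted disk.
New-AzResourceLock -LockName 'ade-kv-nodelete' -LockLevel CanNotDelete -Force `
          -ResourceName $kvName -ResourceType 'Microsoft.KeyVault/vaults' -ResourceGroupName $rg

# 7. Have the VM agent install the certificate into the VM's local machine store.
$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
$vm = Add-AzVMSecret -VM $vm -SourceVaultId $kv.ResourceId -CertificateStore 'My' `
          -CertificateUrl $secret.Id
Update-AzVM -ResourceGroupName $rg -VM $vm

# 8. Enable the disk encryption extension; the app authenticates with the certificate.
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $vmName -Force `
          -AadClientID $app.AppId -AadClientCertThumbprint $cert.Thumbprint `
          -DiskEncryptionKeyVaultUrl $kv.VaultUri -DiskEncryptionKeyVaultId $kv.ResourceId `
          -KeyEncryptionKeyUrl $kek.Key.Kid -KeyEncryptionKeyVaultId $kv.ResourceId -VolumeType All
```

This is the Azure AD app based flow the post describes; Microsoft's current Azure Disk Encryption release no longer requires the app, so for new deployments steps 1, 2 and 7 and the AadClient* parameters can be dropped.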


Quickstart template used to enable disk encryption for a running Virtual Machine (VM)

Microsoft Azure article covering the steps referenced in the video

Disk Encryption Series