This article covers my custom PowerShell automation scripts used to set up Azure Disk Encryption (BitLocker) for an Azure Virtual Machine (VM) using Azure Key Vault. The article includes a video demonstration going over the entire process and testing the encryption on a Windows VM.

Disk Encryption BitLocker

Video:

The steps covered in the above video:

Running the Initialize-AzureDiskEncryption.ps1 script, which automates the steps below:

  • Create Azure Active Directory App
  • Create Key for App
  • Create Azure Key Vault
  • Add permission for the Azure Active Directory App to the Key Vault
  • Generate a self-signed encryption certificate
  • Upload encryption certificate to the Azure Key Vault Secret
  • Create Azure Key Vault Encryption Key (KEK)
  • Put a delete lock on Key Vault resource

Running the Add-AzureDiskEncryptionWinVM.ps1 script, which automates the steps below:

  • Add Encryption certificate to VM’s local store
  • Enable disk encryption using disk encryption VM extension
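The same end-to-end flow (AAD app, Key Vault, KEK, delete lock, then the VM disk encryption extension) as an added example written here with the current Az cmdlets; it is not the author's Initialize-AzureDiskEncryption.ps1 or Add-AzureDiskEncryptionWinVM.ps1. It assumes an existing resource group and Windows VM, substitutes an AAD client secret for the self-signed certificate the scripts use, and all names (`$rg`, `$vmName`, `$kvName`, `ade-kek`) are placeholders.

```powershell
# Assumed placeholders: an existing resource group and a running Windows VM.
$rg       = 'rg-ade-demo'
$location = 'eastus'
$vmName   = 'vm-ade-demo'
$kvName   = 'kv-ade-demo-' + (Get-Random -Maximum 9999)   # vault names are globally unique

Connect-AzAccount | Out-Null

# 1. AAD application + service principal; the returned password credential is the
#    client secret the extension presents to Key Vault (the article uses a cert instead).
$sp     = New-AzADServicePrincipal -DisplayName 'sp-ade-demo'
$secret = $sp.PasswordCredentials.SecretText

# 2. Key Vault enabled for disk encryption. Purge protection is added so the vault
#    (and the BitLocker secrets in it) cannot be permanently deleted while a VM depends on it.
$kv = New-AzKeyVault -Name $kvName -ResourceGroupName $rg -Location $location `
        -EnabledForDiskEncryption -EnablePurgeProtection

# 3. Least-privilege access policy: the app only needs to write secrets and wrap keys.
Set-AzKeyVaultAccessPolicy -VaultName $kvName -ServicePrincipalName $sp.AppId `
    -PermissionsToKeys wrapKey -PermissionsToSecrets set

# 4. Key Encryption Key (KEK) that wraps the per-disk BitLocker keys.
#    Use -Destination HSM on a Premium vault if hardware-backed keys are required.
$kek = Add-AzKeyVaultKey -VaultName $kvName -Name 'ade-kek' -Destination Software

# 5. Delete lock on the vault resource itself (equivalent of the article's last step).
New-AzResourceLock -LockName 'ade-kv-nodelete' -LockLevel CanNotDelete `
    -ResourceName $kvName -ResourceType 'Microsoft.KeyVault/vaults' `
    -ResourceGroupName $rg -Force | Out-Null

# 6. Enable encryption on OS and data disks via the ADE VM extension (reboots the VM).
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $vmName `
    -AadClientID $sp.AppId -AadClientSecret $secret `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri -DiskEncryptionKeyVaultId $kv.ResourceId `
    -KeyEncryptionKeyUrl $kek.Key.Kid -KeyEncryptionKeyVaultId $kv.ResourceId `
    -VolumeType All -Force

# 7. Verify: OsVolumeEncrypted / DataVolumesEncrypted should report Encrypted.
Get-AzVmDiskEncryptionStatus -ResourceGroupName $rg -VMName $vmName
```

Current Azure Disk Encryption no longer requires the AAD application at all (omit the `-AadClientID`/`-AadClientSecret` parameters), which removes one long-lived credential to protect and rotate.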

The quick-start template used to enable disk encryption for a running Virtual Machine (VM):

https://github.com/hhazeley/Azure-V2-Powershell-Scripts/tree/master/DiskEncryption

Microsoft Azure article covering the steps referenced in the video:

https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption

Disk Encryption Series

http://hazelnest.com/blog/blog/tag/disk-encryption