Azure Data Disk Encryption ?

Category: azure disk encryption


Cao Truong HOANG on Thu, 14 Apr 2016 08:17:18

Hi everybody,

I have finished to encrypt my VM. Below, it is my result : But i don't know if my vm data disk is encrypted too or not ? If not, how can i encrypt it ?

Thank !




manojsehgal on Fri, 15 Apr 2016 23:51:08

Hi Cao,

Is this a windows VM or a Linux OS?

You can check the encryption status of VM using PowerShell cmdlet.

Install Azure PS cmdlet from

Open PowerShell and login to your Azure Subscription.


>Get-AzureRmVmDiskEncryptionStatus  -ResourceGroupName $rgname -VMName $vmName



manojsehgal on Sat, 16 Apr 2016 00:29:10

Also if this is Windows VM, make sure the data disk which you attached from Azure portal is initialized.

RDP to VM and open disk management.

Open disk management, initialize the disk and format it with NTFS file system.

ADE will encrypt the data disk and store the key in key vault server.

Cao Truong HOANG on Mon, 18 Apr 2016 08:36:47

Hi Manoj,

Thank you very much for your answer.

Yes, with there powershell, i noted that my data disk is not encrypted. My machine is a windows VM.

Do you krown how can i encrypt my vm data disk without formating the data disk ?




manojsehgal on Mon, 18 Apr 2016 17:06:02

use below ps cmdlet

Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $rgname -VMName $vmName -AadClientID $aadClientID -AadClientSecret $aadClientSecret -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId -VolumeType Data

Cao Truong HOANG on Thu, 21 Apr 2016 08:37:25

Hi Manoj, It work well. Thank you very much.

Ryanhav on Thu, 03 Nov 2016 23:31:48

Hello, I'm trying to do the same thing, however I'm not sure where we get the values for the AadClientId and AadSecret.  When I setup the Key Vault I wasn't prompted for those and those don't show up in my Azure Active Directory Applications list.

Is there another way to retrieve those from the Key Vault?