Azure Disk Encryption for Windows VM's using custom images

Category: azure disk encryption

Question

Mike Barratt on Wed, 18 Apr 2018 09:56:10


Can you confirm if Azure Disk Encryption (ADE) is supported for existing Windows IAAS vm's created using custom images.  There appears to be conflicting information in two documents as below, unless I'm reading it incorrectly;

https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption states;

  • Enable encryption on Windows and Linux IaaS VMs customer custom images is NOT supported.

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks states;

Supported scenarios and requirements for disk encryption:

  • Enabling encryption on new Windows VMs from Azure Marketplace images or custom VHD image.

Can you confirm if ADE is supported or not on Windows IAAS custom images?

Many thanks

Mike


Replies

vikranth s on Wed, 18 Apr 2018 17:00:57


Windows OS in general should be supported.

Which version of Windows are you using?

Mike Barratt on Wed, 18 Apr 2018 17:09:21


Windows 2012 R2

vikranth s on Wed, 18 Apr 2018 17:15:02


Thanks for pointing this, we will update the document. Azure Disk Encryption is fully supported for Windows Server 2012 R2.

“If this answer was helpful, click “Mark as Answer” or Up-Vote. To provide additional feedback on your forum experience, click here


Brians54321 on Thu, 31 May 2018 16:04:47


Hi Mike - don't know if you ever got an answer to these, but those two links that you provide are for two different things.  One is Azure Disk Encryption (ADE), or "Encryption as a Service."  The other is bitlockering your own VM, and doesn't mention ADE at all.  ADE is not supported for custom images, as MS have no control over things like partitions.