locked
Managed Disks showing up as not encrypted in Azure Portal RRS feed

  • Question

  • <p>I created two VMs earlier this week in East, US Azure Datacenter. &nbsp;When validating everything prior to releasing them to Prod, I noticed that managed disks were showing up as Encryption "Not enabled". &nbsp;All the reading I've done on the subject says that Managed Disks created after June 9, 2017 are automagically encrypted by default. &nbsp;So is this a bug in the portal and my disks are encrypted OR are they no longer being encrypted by default? &nbsp;If it is the latter please let me know the steps to encrypt them.


    • Edited by Lourite Friday, August 4, 2017 10:01 PM
    Thursday, August 3, 2017 3:56 PM

Answers

  • There are two kinds of encryption to discuss about managed disks:

    1. Storage Service Encryption (SSE), which is performed by the storage service. Storage service encryption (SSE) is enabled by default for all managed disks. SSE encrypts data at rest using keys managed by Microsoft. We are planning show the SSE encryption status soon in the portal.

    How can I find out if my managed disk is encrypted?

    You can find out the time when a managed disk was created from the Azure portal, the Azure CLI, and PowerShell. If the time is after June 9, 2017, then your disk is encrypted.

    Reference: Managed Disks and Storage Service Encryption

    2.Azure Disk Encryption, which you can enable on the OS and data disks for your VMs. encryption property is associated with Azure disk encryption which is another way of encrypting your disks. Azure Disk Encryption leverages the industry standard BitLocker feature of Windows and the DM-Crypt feature of Linux to provide volume encryption for the OS and the data disks. As you haven't enabled this encryption, your disks are shown as not encrypted. 

    For more information refer the below link:

    Azure Disk Encryption for Windows and Linux IaaS VMs

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Thursday, August 3, 2017 5:52 PM

All replies

  • There are two kinds of encryption to discuss about managed disks:

    1. Storage Service Encryption (SSE), which is performed by the storage service. Storage service encryption (SSE) is enabled by default for all managed disks. SSE encrypts data at rest using keys managed by Microsoft. We are planning show the SSE encryption status soon in the portal.

    How can I find out if my managed disk is encrypted?

    You can find out the time when a managed disk was created from the Azure portal, the Azure CLI, and PowerShell. If the time is after June 9, 2017, then your disk is encrypted.

    Reference: Managed Disks and Storage Service Encryption

    2.Azure Disk Encryption, which you can enable on the OS and data disks for your VMs. encryption property is associated with Azure disk encryption which is another way of encrypting your disks. Azure Disk Encryption leverages the industry standard BitLocker feature of Windows and the DM-Crypt feature of Linux to provide volume encryption for the OS and the data disks. As you haven't enabled this encryption, your disks are shown as not encrypted. 

    For more information refer the below link:

    Azure Disk Encryption for Windows and Linux IaaS VMs

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Thursday, August 3, 2017 5:52 PM
  • I have the same issue.  In the Portal under VM->Disks, the OS disk and both data disks are showing as: Encryption: Not Enabled.  But when I run the Get-AzureRMVMDiskEncryptionStatus command for the same VMs, it returns:

    ProgressMessage            : OsVolume: Encrypted, DataVolumes: Encrypted

    These are managed disks that were encrypted before June 10, 2017.

    This is happening for 3 of my Windows VMs.

    Monday, December 11, 2017 8:23 PM
  • Have you enabled the Azure Disk Encryption on your VMs?

    Can you share the screenshots for better understand on your query?

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Tuesday, December 12, 2017 2:12 PM
  • I noticed the same issue. In the Portal under VM -> Disks, the OS disk is showing "Encryption: Not Enabled". But when I run the Get-AzureRMVMDiskEncryptionStatus command, I get "OsVolume: Encrypted, DataVolumes: Encrypted".

    It is a virtual machine with managed disks created in 10/2017, and I just added disk encryption yesterday. Who could help to look into this? Thanks!


    Monday, December 18, 2017 3:28 PM
  • You can get the encryption status of the IaaS VM from Azure Portal by doing the following:

    1. Sign in to the Azure Portal, and then click Virtual machines in the left pane to see a summary view of the virtual machines in your subscription. You can filter the virtual machines view by selecting the subscription name in the Subscription drop-down list.

    2. At the top of the Virtual machines page, click Columns.

    3. On the Choose column blade, select Disk Encryption, and then click Update. You should see the disk-encryption column showing the encryption state Enabled or Not Enabled for each VM, as shown in the following figure:

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    • Proposed as answer by vikranth s Wednesday, December 20, 2017 2:06 PM
    Wednesday, December 20, 2017 2:06 PM
  • Starting June 10, 2017, all Managed Disks are encrypted at rest at Storage level, where SSE (Storage Service Encryption) is enabled by default.

    However, Encryption at Disk level is not enabled by default and has to be enabled after VM provisioning, using Azure Disk Encryption (ADE). This is true for both Windows and Linux VMs, and for any type of disk.

    You can read my article, where I have shown how to enable Disk Encryption for Azure Windows VMs, using PowerShell. This covers both OS and Data Disks.

    https://social.technet.microsoft.com/wiki/contents/articles/53496.azure-disk-encryption-configure-for-azure-windows-vms.aspx

    Wednesday, December 25, 2019 8:12 AM