What is the point of ADE?

  • Question

  • Hi,

    Security Center makes a lot of noise because Azure Disk Encryption is not enabled. Alright, I encrypt the Windows OS disk with BitLocker and store the encryption keys in Key Vault. I verify that the OS disk is encrypted with PowerShell as well as with Windows disk manager. At that point my disk is encrypted and I decide to make a simple test: what happens when I create a new VM on top of the disk in another resource group? Well... nothing! Because the disk still has a connection to the Key Vault and can read all the secrets. My question is: what is the point of using Azure Disk Encryption if I am able to start an "encrypted" disk in another resource group?

    Wednesday, November 20, 2019 1:37 PM

Answers

  • @azMantas It's not about the Resource Group; the Key Vault and disk should be in the same location.

    If the other resource group's location is the same, then the Virtual Machine will boot with the encrypted disk; if the other resource group's location is different, then it won't be able to boot the Virtual Machine and it would be stuck at the password level asking for the passphrase key.

    Kindly let us know if the above helps or you need further assistance on this issue.
    ------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

    Thursday, November 21, 2019 12:18 PM
    Moderator
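
To see the disk-to-vault reference discussed in the question and the location pairing described in the answer, the following added example (not part of the original thread) reads the ADE settings stored on a managed disk and compares the disk's location with the referenced Key Vault's. It assumes the Az.Compute and Az.KeyVault modules, a signed-in session, and a vault in the current subscription; the function name and the resource names in the last line are hypothetical placeholders.

```powershell
# Added example. Requires Az.Compute, Az.KeyVault and Connect-AzAccount.
# Assumption: the referenced Key Vault is in the currently selected subscription.
function Get-AdeKeyVaultBinding {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $DiskName
    )

    $disk     = Get-AzDisk -ResourceGroupName $ResourceGroupName -DiskName $DiskName
    $settings = $disk.EncryptionSettingsCollection

    if (-not $settings -or -not $settings.Enabled) {
        Write-Warning "Disk '$DiskName' carries no ADE encryption settings."
        return
    }

    foreach ($entry in $settings.EncryptionSettings) {
        # The disk resource itself stores the vault reference and the secret URL.
        # Vault id layout:
        # /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.KeyVault/vaults/<name>
        $parts = $entry.DiskEncryptionKey.SourceVault.Id.Trim('/') -split '/'
        $vault = Get-AzKeyVault -ResourceGroupName $parts[3] -VaultName $parts[7]

        if (-not $vault) {
            Write-Warning "Vault '$($parts[7])' not found or not readable with this identity."
            continue
        }

        # Normalise "West Europe" vs "westeurope" before comparing.
        $diskLoc  = ($disk.Location  -replace '\s', '').ToLower()
        $vaultLoc = ($vault.Location -replace '\s', '').ToLower()

        [pscustomobject]@{
            Disk                     = $disk.Name
            DiskLocation             = $diskLoc
            Vault                    = $vault.VaultName
            VaultResourceGroup       = $vault.ResourceGroupName
            VaultLocation            = $vaultLoc
            SameLocation             = ($diskLoc -eq $vaultLoc)
            EnabledForDiskEncryption = $vault.EnabledForDiskEncryption
            SecretUrl                = $entry.DiskEncryptionKey.SecretUrl
            UsesKeyEncryptionKey     = [bool]$entry.KeyEncryptionKey
        }
    }
}

# Placeholder names; substitute your own resource group and disk.
Get-AdeKeyVaultBinding -ResourceGroupName 'rg-example' -DiskName 'osdisk-example' | Format-List
```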

All replies

  • @azMantas Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

    Friday, November 22, 2019 2:32 PM
    Moderator
  • @azMantas Following up on this query to see if the above suggestion was helpful. And, if you have any further query do let us know.

    Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. 
    Saturday, November 23, 2019 4:46 PM
    Moderator
  • Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Monday, November 25, 2019 8:29 AM
    Moderator