Introduction
Suppose you work for a warehouse company that's transitioning to the cloud. Currently, you use a hybrid environment consisting of on-premises Windows servers, Azure Virtual Machines (VMs), and Microsoft Entra ID. Your company developed a custom in-house business-to-business (B2B) infrastructure that supports secure order management with your suppliers. Some of your suppliers use Linux servers, and you run several Linux servers in Azure to support these suppliers.
Your security policies mandate that data must be encrypted using your own encryption keys, and that your company is responsible for managing these keys.
Your admin team already uses PowerShell for on-premises server management. You're going to deploy and test many Azure VMs, and intend to use Azure Resource Manager templates to automate this process.
Here, you look at the types of protection available for virtual machine (VM) disks so you can decide if Azure Disk Encryption (ADE) is the best choice for a given scenario. Then, you enable ADE on existing VM disks and use templates to enable ADE for new VM deployments.
Learning objectives
In this module, you:
- Determine which encryption method is best for your VM.
- Encrypt existing VM disks using the Azure portal.
- Encrypt existing VM disks using PowerShell.
- Modify Azure Resource Manager templates to automate disk encryption on new VMs.