Summary
To secure Azure virtual machine (VM) disks, Azure provides Storage Service Encryption (SSE) and Azure Disk Encryption (ADE). These technologies work together to provide strong 256-bit encryption as part of a defense-in-depth approach for the protection of Azure VM disks. You must complete the ADE prerequisites before you can enable disk encryption. The ADE prerequisites configuration script can automate this process. When enabling encryption on new VMs, you can use an Azure Resource Manager template. Using a template ensures that your data is encrypted at the point of deployment, leaving no window in which the VM's disks are unencrypted.
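One way to check, before deployment, that a Resource Manager template enables ADE for every VM it declares. This is an added example, not part of the original module. It assumes literal resource names (template expressions such as `[parameters('vmName')]` are not evaluated), and the sample template and VM names are constructed.

```python
ADE_PUBLISHER = "Microsoft.Azure.Security"
ADE_TYPES = {"AzureDiskEncryption", "AzureDiskEncryptionForLinux"}
VM_TYPE = "Microsoft.Compute/virtualMachines"
EXT_TYPE = VM_TYPE + "/extensions"

def is_ade_enable(ext):
    """True if the extension is ADE, requests encryption, and names a key vault."""
    props = ext.get("properties", {})
    settings = props.get("settings", {})
    return (props.get("publisher") == ADE_PUBLISHER
            and props.get("type") in ADE_TYPES
            and settings.get("EncryptionOperation") == "EnableEncryption"
            and bool(settings.get("KeyVaultURL")))

def vms_without_ade(template):
    """Return sorted names of VMs in the template that have no ADE extension."""
    resources = template.get("resources", [])
    vms = {r["name"]: r for r in resources if r.get("type") == VM_TYPE}
    covered = set()
    for name, vm in vms.items():
        # Child resources nested inside a VM use the short type "extensions".
        for child in vm.get("resources", []):
            if child.get("type") in ("extensions", EXT_TYPE) and is_ade_enable(child):
                covered.add(name)
    for r in resources:
        # Top-level extensions are named "<vmName>/<extensionName>".
        if r.get("type") == EXT_TYPE and is_ade_enable(r):
            covered.add(r["name"].split("/", 1)[0])
    return sorted(set(vms) - covered)

def _ade(name, ext_type, short=False):
    # Helper that builds a constructed ADE extension resource for the sample.
    return {"type": "extensions" if short else EXT_TYPE, "name": name,
            "properties": {"publisher": ADE_PUBLISHER, "type": ext_type,
                           "settings": {"EncryptionOperation": "EnableEncryption",
                                        "KeyVaultURL": "https://example-kv.vault.azure.net/",
                                        "VolumeType": "All"}}}

# Constructed sample template: two VMs are covered by ADE, two are not.
SAMPLE = {"resources": [
    {"type": VM_TYPE, "name": "web01"},
    _ade("web01/AzureDiskEncryption", "AzureDiskEncryption"),
    {"type": VM_TYPE, "name": "lnx01",
     "resources": [_ade("ade", "AzureDiskEncryptionForLinux", short=True)]},
    {"type": VM_TYPE, "name": "db01"},
    {"type": VM_TYPE, "name": "app01", "resources": [
        {"type": "extensions", "name": "setup",
         "properties": {"publisher": "Microsoft.Azure.Extensions", "type": "CustomScript"}}]},
]}

if __name__ == "__main__":
    print("VMs deployed without ADE:", vms_without_ade(SAMPLE))
```

Running the check in a deployment pipeline and failing on a non-empty result keeps a template from creating VMs whose disks rely on a later, manual encryption step.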
Clean up
The sandbox automatically cleans up your resources when you're finished with this module.
When you're working in your own subscription, it's a good idea at the end of a project to identify whether you still need the resources you created. Resources that you leave running can cost you money. You can delete resources individually or delete the resource group to delete the entire set of resources.
Learn more
- Azure Disk Encryption scenarios on Linux VMs
- Overview of managed disk encryption options
- Resource Manager templates on GitHub
- Azure data security and encryption best practices