Configuring Azure Disk Encryption for VMs

Azure Disk Encryption for VMs can help you to meet your organizational security and compliance commitments by encrypting the disks of your VMs in Azure. For Windows VMs, it uses the BitLocker feature and, for Linux VMs, it uses the DM-Crypt feature for encryption of the OS and data disks. Azure Disk Encryption is available for Windows and Linux VMs with a minimum of 2 GB of memory, and for Standard VMs and VMs with Azure Premium Storage.

For more information about the prerequisites of Azure Disk Encryption, you can refer to the following site: https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites.

Azure Disk Encryption uses Azure Key Vault to help you control and manage the disk encryption keys and secrets. It also ensures that disks that are stored in Azure Storage are encrypted at rest.

You will get a High Severity alert in Azure Security Center if you have VMs that are not encrypted. From there, you will get the recommendation to encrypt these VMs, and you can take action to encrypt the VMs from the Azure Security Center directly.
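The same gap that Security Center flags can be listed from PowerShell. The following is an added example, not code from the book: it assumes the Az PowerShell module and a session already signed in with Connect-AzAccount, and it reports each VM's encryption status together with the 2 GB memory prerequisite mentioned above.

```powershell
# Added example. Assumes the Az module and an authenticated session (Connect-AzAccount).
$minMemoryMB = 2048   # the 2 GB minimum stated for Azure Disk Encryption

# Cache the VM size catalogue per region so each region is queried only once.
$sizesByRegion = @{}

$report = foreach ($vm in Get-AzVM) {
    if (-not $sizesByRegion.ContainsKey($vm.Location)) {
        $sizesByRegion[$vm.Location] = Get-AzVMSize -Location $vm.Location
    }
    $size = $sizesByRegion[$vm.Location] |
        Where-Object { $_.Name -eq $vm.HardwareProfile.VmSize }

    # Returns OsVolumeEncrypted / DataVolumesEncrypted for the VM.
    $status = Get-AzVMDiskEncryptionStatus `
        -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name

    [pscustomobject]@{
        ResourceGroup        = $vm.ResourceGroupName
        VM                   = $vm.Name
        OsType               = $vm.StorageProfile.OsDisk.OsType
        MemoryMB             = $size.MemoryInMB
        MeetsMemoryMinimum   = ($size.MemoryInMB -ge $minMemoryMB)
        DataDiskCount        = $vm.StorageProfile.DataDisks.Count
        OsVolumeEncrypted    = $status.OsVolumeEncrypted
        DataVolumesEncrypted = $status.DataVolumesEncrypted
    }
}

# Keep VMs whose OS volume, or any attached data volume, is not reported as Encrypted.
# A VM with no data disks is judged on its OS volume only.
$unencrypted = $report | Where-Object {
    $_.OsVolumeEncrypted -ne 'Encrypted' -or
    ($_.DataDiskCount -gt 0 -and $_.DataVolumesEncrypted -ne 'Encrypted')
}

$unencrypted |
    Sort-Object ResourceGroup, VM |
    Format-Table -AutoSize
```

VMs listed with MeetsMemoryMinimum set to False do not meet the memory prerequisite and need resizing before encryption can be enabled.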

In the next demonstration, we are going to encrypt the data disk of one of the VMs that we created in the Deploying a Windows VM from PowerShell demo. However, before we can encrypt the disk, we first need to create an Azure Key Vault. We are going to create this from the Azure portal. 
