Introduction
To pass the AZ-104 exam, you must complete several live online lab tests. Azure Disk Encryption (ADE) is optional but provides an extra layer of security over Server-Side Encryption (SSE). In some cases, it may be required to meet compliance commitments.
Azure Disk Encryption
Azure Disk Encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. For a detailed overview, refer to the Azure Disk Encryption documentation.
Steps
Step 1: Create a Key Vault
Navigate to Key vaults.
Click "+ Create".
Step 2: Configure the Key Vault
Basics tab:
Key vault name: "DavidADEKeyVault"
Region: Should match the region of your VMs to be encrypted.
Access configuration tab:
Permission model: "Vault access policy"
Resource access: Select all.
Click "+ Create" for "Access policies" if the default is not sufficient.
Permissions: Select All.
Principal: Select your account.
Click "Create".
Step 3: Review and Create the Key Vault
Click "Review + create".
Click "Create".
Step 4: Create a New VM
Navigate to "Virtual machines".
Click "+ Create".
Step 5: Configure the Virtual Machine
Basics tab:
Virtual machine name: "SecuredVM"
Region: Same as the Key Vault.
Size: "Standard F2s v2 (2 vcpus, 4 GiB memory)" (Use the fastest F series for demonstration, as the VM's processing power will affect encryption time.)
Step 6: Review and Create the VM
Click "Review + create".
Click "Create".
Step 7: Snapshot the Managed Disk
Before enabling Azure Disk Encryption, it is MANDATORY to snapshot/backup the target managed disk.
Navigate to the newly created VM, "SecuredVM".
Click "Disks".
Step 8: Create a Snapshot of the OS Disk
Click the OS Disk.
Click "+ Create snapshot".
Step 9: Configure the Snapshot
Basics tab:
Name: "BeforeADEVM".
Step 10: Review and Create the Snapshot
Click "Review + create".
Click "Create".
Step 11: Enable Azure Disk Encryption via Azure Cloud Shell
Open Azure Cloud Shell.
Run the following commands:
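```powershell
# Resource group, VM and Key Vault names used in this lab
$RGName = "RGroup1"
$VMName = "SecuredVM"
$VaultName = "DavidADEKeyVault"
# Look up the vault to obtain its URI and resource ID
$KeyVault = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $RGName
$DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
$KeyVaultResourceId = $KeyVault.ResourceId
# "All" encrypts both the OS volume and the data volumes
$VolumeType = "All"
# Enable the Azure Disk Encryption extension on the VM
Set-AzVMDiskEncryptionExtension -ResourceGroupName $RGName -VMName $VMName -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId -VolumeType $VolumeType
```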
Answer "Y" to confirm.
Wait for several minutes.
Result
You will see that the managed disk is encrypted with Azure Disk Encryption (ADE).
And remember to clean up the related resources after finishing the exercise.
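A pre-flight and verification script for Step 11, as an added example that is not part of the original lab: in Cloud Shell (PowerShell) it checks that the vault is enabled for disk encryption, that the vault and VM share a region, and that the snapshot was taken from the OS disk, then reports the encryption status. The function names are hypothetical, and the snapshot is assumed to be in the same resource group as the VM.

```powershell
# Added example. Function names are hypothetical; resource names are the lab's.
$RGName    = "RGroup1"
$VMName    = "SecuredVM"
$VaultName = "DavidADEKeyVault"
$SnapName  = "BeforeADEVM"   # assumption: snapshot was created in $RGName

function Test-AdePrerequisite {
    # Returns a list of problems; an empty result means Step 11 can proceed.
    $problems = @()
    $vm = Get-AzVM -ResourceGroupName $RGName -Name $VMName
    $kv = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $RGName
    if (-not $vm -or -not $kv) { return @("VM or Key Vault not found in $RGName") }

    # Step 2, "Resource access": the vault must allow Azure Disk Encryption.
    if (-not $kv.EnabledForDiskEncryption) {
        $problems += "Key Vault is not enabled for disk encryption"
    }
    # Step 2, "Region": the vault region should match the VM's region.
    $kvLoc = ($kv.Location -replace '\s', '').ToLower()
    $vmLoc = ($vm.Location -replace '\s', '').ToLower()
    if ($kvLoc -ne $vmLoc) {
        $problems += "Region mismatch: vault=$kvLoc vm=$vmLoc"
    }
    # Steps 7-10: a snapshot of the OS disk must exist before encrypting.
    $osDiskId = $vm.StorageProfile.OsDisk.ManagedDisk.Id
    $snap = Get-AzSnapshot -ResourceGroupName $RGName -SnapshotName $SnapName -ErrorAction SilentlyContinue
    if (-not $snap) {
        $problems += "Snapshot $SnapName not found"
    } elseif ($snap.CreationData.SourceResourceId -ne $osDiskId) {
        $problems += "Snapshot $SnapName was not taken from the OS disk"
    }
    return $problems
}

function Get-AdeResult {
    # Reports the per-volume encryption state of the VM.
    Get-AzVmDiskEncryptionStatus -ResourceGroupName $RGName -VMName $VMName |
        Select-Object OsVolumeEncrypted, DataVolumesEncrypted, ProgressMessage
}

$issues = Test-AdePrerequisite
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } }
else         { Get-AdeResult | Format-List }
```

Run it before Step 11 to catch a missing prerequisite, and again after the wait to confirm that `OsVolumeEncrypted` reports `Encrypted`.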
Conclusion
In this lab, you successfully configured Azure Disk Encryption for your virtual machine, enhancing its security posture and meeting potential compliance requirements. Understanding and implementing ADE not only prepares you for the AZ-104 exam but also equips you with essential skills for managing secure Azure environments. Be sure to practice these steps to reinforce your knowledge and readiness for the certification exam.