Azure Disk Encryption Protects VMs at Rest

Azure Disk Encryption, a free set of tools that work with disk encryption technologies built into Windows and many recent Linux distributions, could help customers protect data, ensure certain compliance standards, and audit boot and access of protected drives. Virtual hard disks (VHDs) are encrypted and protected within Azure, and they are also protected if they are errantly or intentionally duplicated outside of Azure, as the keys used to unlock them remain in Azure. Some organizations may want to wait for additional features or support for organizational encryption key management, which are likely to arrive in the future.

Understanding Azure Disk Encryption

Azure Disk Encryption can be used to encrypt and decrypt virtual disks used with Azure virtual machines (VMs). Once these disks are encrypted, the data on them will be protected even if the disks are duplicated, downloaded, or lost.

Azure Disk Encryption is not a service but a free framework of tools that uses disk encryption technology built into the OS it is helping to protect. It can be used to protect the OS (and generally data) disks of Azure VMs running Windows or Linux. Azure Disk Encryption consists of three components that work together to manage the built-in OS disk encryption technologies in VMs: