Disk Encryption — Azure Virtual Machines

Avanish
4 min readJan 16, 2021

Everyone is a strong proponent of strong encryption ~ Dorothy Denning

Azure Disk Encryption is used to encrypt data at rest for both Linux and Windows Virtual Machines.

Both OS and data disks can be encrypted. Azure Disk Encryption uses the DM-Crypt feature of Linux to encrypt Linux VMs and BitLocker to encrypt Windows VMs.

Disk Encryption is integrated with Azure Key Vault for storing the encryption keys. The Key Vault and the VMs must be in the same region and the same subscription.

Not all VM sizes can be encrypted: Basic and A-Series machines are not supported, and a machine needs a minimum of 4 GB of memory to be encrypted.

Only images/distributions endorsed by Azure are supported by this feature.

Managed Disks are encrypted by default in their storage accounts, but a disk exported from a storage account is no longer encrypted. This is why we may need to encrypt it again using the Azure Disk Encryption (ADE) service.
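To make the prerequisites above concrete, here is an added example (not code from the post) that expresses the VM-size, memory and Key Vault co-location rules as shell functions and then enables ADE on a Linux VM with the Azure CLI. The resource group, VM and Key Vault names are placeholders, and the `az` queries assume the field names of the current CLI output.

```shell
#!/usr/bin/env bash
# Added example: gate Azure Disk Encryption on the post's prerequisites,
# then enable it with the Azure CLI. RG/VM/KV names below are placeholders.
set -eu

# Returns 0 if the VM size is eligible for ADE per the post's rules:
# not Basic tier, not A-series, and at least 4 GB (4096 MB) of memory.
ade_size_ok() {
  local size="$1" mem_mb="$2"
  case "$size" in
    Basic_*)     return 1 ;;   # Basic tier is not supported
    Standard_A*) return 1 ;;   # A-series is not supported
  esac
  [ "$mem_mb" -ge 4096 ]
}

# Returns 0 if Key Vault and VM share region and subscription.
ade_kv_colocated() {
  local vm_loc="$1" vm_sub="$2" kv_loc="$3" kv_sub="$4"
  [ "$vm_loc" = "$kv_loc" ] && [ "$vm_sub" = "$kv_sub" ]
}

# Live run: query Azure, verify the rules, enable ADE on OS + data disks.
# Usage: ade_enable <resource-group> <vm-name> <keyvault-name>
ade_enable() {
  local rg="$1" vm="$2" kv="$3"
  local sub vm_loc size mem_mb kv_loc
  sub=$(az account show --query id -o tsv)            # current subscription
  vm_loc=$(az vm show -g "$rg" -n "$vm" --query location -o tsv)
  size=$(az vm show -g "$rg" -n "$vm" --query hardwareProfile.vmSize -o tsv)
  mem_mb=$(az vm list-sizes -l "$vm_loc" --query "[?name=='$size'].memoryInMb" -o tsv)
  kv_loc=$(az keyvault show -n "$kv" --query location -o tsv)  # same account => same sub
  ade_size_ok "$size" "$mem_mb" || { echo "size $size / ${mem_mb} MB not eligible"; return 1; }
  ade_kv_colocated "$vm_loc" "$sub" "$kv_loc" "$sub" || { echo "Key Vault must be in $vm_loc"; return 1; }
  # The vault must allow the platform to store/read the disk encryption secrets
  az keyvault update -n "$kv" --enabled-for-disk-encryption true >/dev/null
  az vm encryption enable -g "$rg" -n "$vm" --disk-encryption-keyvault "$kv" --volume-type ALL
  # Report per-disk encryption status once the extension has run
  az vm encryption show -g "$rg" -n "$vm" -o table
}
```

Run `ade_enable my-rg my-ubuntu-vm my-kv` after `az login`; the two check functions can be exercised without Azure access.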

Linux VMs Encryption

I have created an Ubuntu VM in Azure.

Azure Virtual Machine — Overview

Obviously, the OS disk was created by default when we created the VM.
