Issue with Defender Recommendations - Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost.

Kuldeep Singh(OT) 60 Reputation points
2024-06-15T08:00:35.97+00:00

Hi, I have 3 virtual machines in Azure.

One week back I enabled Encryption at Host for all machines.

Now I am seeing that the recommendation "Virtual machines and virtual machine scale sets should have encryption at host enabled" is in a healthy state.

But at the same time the recommendation "Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost" is still in an unhealthy state.

It should not be like that.

Is this a glitch from Azure, or do I need to do more? Can someone help me with it?


2 answers

  1. akinbade abiola 6,735 Reputation points
    2024-06-15T08:25:42.9+00:00

    Hello Kuldeep Singh(OT),

    Thanks for your question.

    I will recommend the following:

    Verify that Encryption at Host is indeed enabled for all your VMs. You can do this through the Azure portal or the Azure CLI. To do this with the CLI, see:

    az vm encryption show --name MyVirtualMachine --resource-group MyResourceGroup

    If it is confirmed to be enabled, then give it some time (up to 24 hours) for Azure to refresh its recommendation status.

    See: https://video2.skills-academy.com/en-us/azure/virtual-machines/windows/disk-encryption-overview

    Regards,

    You can mark it 'Accept Answer' if this helped you
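    The recommendation named in the question is satisfied by either Encryption at Host (a property on the VM's securityProfile, what `az vm show --query securityProfile.encryptionAtHost` returns) or the Azure Disk Encryption extension (what `az vm encryption show` reports on). The script below is an added example, not part of this thread or of any Microsoft tooling; it evaluates that "either/or" condition over the JSON shape of `az vm list -o json`, assuming the `securityProfile.encryptionAtHost` and `resources` (extensions) fields and the `typePropertiesType` extension field, with a constructed sample in place of real output.

```python
import json

# Constructed sample in the shape of `az vm list -o json`, trimmed to the fields
# this check reads. Assumption: Encryption at Host is reported as
# securityProfile.encryptionAtHost and installed extensions under resources.
SAMPLE_VMS_JSON = """
[
  {"name": "vm-eah", "resourceGroup": "rg-prod",
   "securityProfile": {"encryptionAtHost": true}, "resources": []},
  {"name": "vm-ade", "resourceGroup": "rg-prod",
   "securityProfile": null,
   "resources": [{"name": "AzureDiskEncryptionForLinux",
                  "publisher": "Microsoft.Azure.Security",
                  "typePropertiesType": "AzureDiskEncryptionForLinux"}]},
  {"name": "vm-none", "resourceGroup": "rg-dev",
   "securityProfile": {"encryptionAtHost": false}, "resources": null}
]
"""

# Extension types of the Azure Disk Encryption handlers (Windows and Linux).
ADE_EXTENSION_TYPES = {"AzureDiskEncryption", "AzureDiskEncryptionForLinux"}


def has_encryption_at_host(vm: dict) -> bool:
    # securityProfile is null on VMs created without any security settings.
    profile = vm.get("securityProfile") or {}
    return profile.get("encryptionAtHost") is True


def has_ade_extension(vm: dict) -> bool:
    # resources lists the installed extensions; it is null when there are none.
    return any(ext.get("typePropertiesType") in ADE_EXTENSION_TYPES
               for ext in vm.get("resources") or [])


def assess(vms_json: str) -> dict:
    """Return {'<rg>/<vm>': 'healthy'|'unhealthy'} for the recommendation
    'Linux VMs should enable Azure Disk Encryption or EncryptionAtHost'."""
    result = {}
    for vm in json.loads(vms_json):
        ok = has_encryption_at_host(vm) or has_ade_extension(vm)
        result[f"{vm['resourceGroup']}/{vm['name']}"] = "healthy" if ok else "unhealthy"
    return result


if __name__ == "__main__":
    # Replace SAMPLE_VMS_JSON with the output of `az vm list -o json` to run for real.
    for vm_id, state in assess(SAMPLE_VMS_JSON).items():
        print(f"{vm_id}: {state}")
```

    If this local check reports every VM healthy while the Defender recommendation stays unhealthy past the refresh window mentioned above, the discrepancy is on the assessment side rather than the VM configuration.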


  2. kobulloc-MSFT 25,651 Reputation points Microsoft Employee
    2024-06-24T18:39:25.28+00:00

    Hello, @Kuldeep Singh(OT) !

    Why am I getting a Defender recommendation for EncryptionAtHost when it is already enabled?

    This appears to be unintended behavior and we would like to look at your resources to further investigate the issue. Please email the following to AzCommunity@microsoft.com and we'll get back to you promptly:

    • Subject: "Attn: kobulloc - Defender EncryptionAtHost recommendation"
    • Email body: Your Subscription ID
    • Email body: A link to this thread so we can validate and expedite the request

    If you don't receive a response within 24 hours, please reply to the thread so we can investigate.

    Issue summary:

    • Encryption at Host has been enabled for all VMs.
    • You have verified that Encryption at Host is enabled via az vm encryption show on your Linux VMs.
    • Defender shows a healthy state for Encryption at Host on your Linux VMs.
    • Defender shows an unhealthy state for Encryption at Host or enable Azure Disk Encryption for your Linux VMs.

    I hope this has been helpful! Your feedback is important so please take a moment to accept answers.

    If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
