Linux VM's encryption state inconsistent

Manuel 41 Reputation points
2020-06-14T14:36:51.553+00:00

After initiating ADE for a Linux VM's data disks I experience inconsistent states throughout the Azure portal and also within the CLI:

The Azure portal shows "SSE with PMK" (does not mention ADE).

az vm encryption show shows:

      "name": "centos7-test-datadisk",
      "statuses": [
        {
          "code": "EncryptionState/encrypted",
          "displayStatus": "Encryption is enabled on disk",
          "level": "Info",
          "message": null,
          "time": null
        }
      ]
    }
  ],
  "status": [
    {
      "code": "ProvisioningState/succeeded",
      "displayStatus": "Provisioning succeeded",
      "level": "Info",
      "message": "Encryption succeeded for data volumes",
      "time": null
    }
  ],
  "substatus": [
    {
      "code": "ComponentStatus/Microsoft.Azure.Security.AzureDiskEncryptionForLinux/succeeded",
      "displayStatus": "Provisioning succeeded",
      "level": "Info",
      "message": "{\"os\": \"NotEncrypted\", \"data\": \"NotEncrypted\"}",
      "time": null
    }
  ]

The data disk itself shows as encrypted, while the second line before the last shows "data:NotEncrypted".

How to reliably verify if my disks are encrypted?

Azure Disk Encryption

Accepted answer
  1. Leon Laude 85,716 Reputation points
    2020-06-14T14:56:11.843+00:00

    Hi,

    There are a few methods listed over here:

    Verify encryption status for Linux
    https://video2.skills-academy.com/en-us/azure/virtual-machines/linux/how-to-verify-encryption-status

    Best regards,
    Leon
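
A consistency check for the mismatch described in the question, as an added example that is not part of the original thread or of the linked documentation: it parses `az vm encryption show` JSON and lists disks whose own status says encrypted while the extension substatus reports `"data": "NotEncrypted"`. The sample input is constructed from the output quoted in the question; the top-level `disks` key (the post's output is cut off before it) and the function names are assumptions.

```python
import json

# Constructed sample, shaped like the output quoted in the question.
# The top-level "disks" key is an assumption: the post's output starts after it.
SAMPLE = r'''{
  "disks": [{"name": "centos7-test-datadisk", "statuses": [
    {"code": "EncryptionState/encrypted", "displayStatus": "Encryption is enabled on disk"}]}],
  "status": [{"code": "ProvisioningState/succeeded",
    "message": "Encryption succeeded for data volumes"}],
  "substatus": [{"code": "ComponentStatus/Microsoft.Azure.Security.AzureDiskEncryptionForLinux/succeeded",
    "message": "{\"os\": \"NotEncrypted\", \"data\": \"NotEncrypted\"}"}]
}'''

def disk_states(report):
    """Map each disk name to the state that follows 'EncryptionState/' in its status code."""
    states = {}
    for disk in report.get("disks") or []:
        for status in disk.get("statuses") or []:
            code = status.get("code") or ""
            if code.startswith("EncryptionState/"):
                states[disk.get("name")] = code.split("/", 1)[1]
    return states

def extension_view(report):
    """Decode the JSON string the ADE extension places in substatus[].message."""
    for sub in report.get("substatus") or []:
        try:
            view = json.loads(sub.get("message") or "")
        except ValueError:
            continue  # message is null or not JSON
        if isinstance(view, dict):
            return view
    return {}

def find_conflicts(report):
    """Disks marked encrypted while the extension reports data as NotEncrypted.
    Assumes the listed disks are data disks, as in the post."""
    data_state = extension_view(report).get("data")
    return [name for name, state in disk_states(report).items()
            if state == "encrypted" and data_state == "NotEncrypted"]

if __name__ == "__main__":
    for name in find_conflicts(json.loads(SAMPLE)):
        print(f"{name}: disk status and extension substatus disagree; check inside the VM")
```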

