Oct 05 2020 07:11 AM
I would like to ask about the target of change regarding managed disk encryption within IaaS VMs in Azure using BYOK methods (see the choices below).
Does anyone know whether ADE is still a featured functionality, or whether MS aims to use SSE BYOK and ADE will be deprecated in the future? (The Azure portal offers SSE BYOK by default.)
There are more choices you have, for example:
a) AzureDiskEncryption using BYOK
Documentation:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview
Support for ARM in all API versions (for example the last one 2019-12-01):
https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/2019-12-01/virtualmachines
(alternatively, you can also use the KEK functionality to encrypt BEK keys)
b) StorageServiceEncryption using BYOK
since 04/2020 GA:
Documentation:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption
Support for ARM in API versions since 2019-07-01 (so it is in 2019-07-01 and 2019-12-01):
https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/2019-07-01/virtualmachines
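
Added example, not part of the original post and not Microsoft's code: in an ARM template the two options show up as different properties of the VM resource, `osDisk.encryptionSettings` for a) and `osDisk.managedDisk.diskEncryptionSet` for b), so a template can be audited for which one each OS disk uses. The template below is constructed with placeholder IDs, and the mode labels and helper names are this example's own.

```python
# Constructed sample: resource names, vault URLs and resource IDs are placeholders.
def _vm(name, api, os_disk):
    return {"type": "Microsoft.Compute/virtualMachines", "apiVersion": api,
            "name": name, "properties": {"storageProfile": {"osDisk": os_disk}}}

VAULT = {"id": "<key-vault-resource-id>"}
DES = {"diskEncryptionSet": {"id": "<disk-encryption-set-resource-id>"}}
TEMPLATE = {"resources": [
    _vm("vm-ade-kek", "2019-12-01", {"encryptionSettings": {
        "enabled": True,
        "diskEncryptionKey": {"secretUrl": "<bek-secret-url>", "sourceVault": VAULT},
        "keyEncryptionKey": {"keyUrl": "<kek-key-url>", "sourceVault": VAULT}}}),
    _vm("vm-sse-cmk", "2019-07-01", {"managedDisk": DES}),
    _vm("vm-old-api", "2019-03-01", {"managedDisk": DES}),
    _vm("vm-default", "2019-12-01", {"managedDisk": {"storageAccountType": "Premium_LRS"}}),
    {"type": "Microsoft.Network/virtualNetworks", "apiVersion": "2019-11-01", "name": "vnet"},
]}

SSE_CMK_MIN_API = "2019-07-01"  # first API version the post lists for option b)

def classify_os_disk(vm):
    """Return (mode, warnings) for one Microsoft.Compute/virtualMachines resource."""
    os_disk = vm.get("properties", {}).get("storageProfile", {}).get("osDisk", {})
    modes, warnings = [], []
    # Option a): ADE, BEK secret optionally wrapped by a KEK
    enc = os_disk.get("encryptionSettings") or {}
    if enc.get("enabled"):
        modes.append("ADE+KEK" if enc.get("keyEncryptionKey") else "ADE")
    # Option b): SSE with a customer-managed key via a disk encryption set
    des = (os_disk.get("managedDisk") or {}).get("diskEncryptionSet") or {}
    if des.get("id"):
        modes.append("SSE-CMK")
        # API versions are ISO dates, so string comparison orders them correctly
        if vm.get("apiVersion", "") < SSE_CMK_MIN_API:
            warnings.append("diskEncryptionSet needs apiVersion >= " + SSE_CMK_MIN_API)
    # Neither property set: platform-managed key only (label chosen for this example)
    return ("+".join(modes) or "SSE-PMK (default)"), warnings

def audit(template):
    """Map each VM name in the template to its (mode, warnings) result."""
    return {r["name"]: classify_os_disk(r)
            for r in template.get("resources", [])
            if r.get("type") == "Microsoft.Compute/virtualMachines"}

if __name__ == "__main__":
    for name, (mode, warnings) in audit(TEMPLATE).items():
        print(name, mode, warnings)
```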