Azure VM EncryptionAtRest: StorageServiceEncryption BYOK vs AzureDiskEncryption


I would like to ask anyone about the target of change regarding managed disk encryption within IaaS VMs in Azure using BYOK methods (see the choices below).

Does anyone know whether ADE is still functionality with a future, or whether MS aims to use SSE BYOK and ADE will be deprecated in the future? (The Azure portal offers SSE BYOK by default.)

You have several choices, for example:

a) AzureDiskEncryption using BYOK

Documentation:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview

Support for ARM in all API versions (for example the last one 2019-12-01):

https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/2019-12-01/virtualmachines

(alternatively, you can also use KEK functionality to encrypt BEK keys)

b) StorageServiceEncryption using BYOK

GA since 04/2020:

https://azure.microsoft.com/en-us/updates/serverside-encryption-with-customermanaged-keys-is-now-ava...

Documentation:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption

Support for ARM in API versions since 2019-07-01 (so it is in 2019-07-01 and 2019-12-01):

https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/2019-07-01/virtualmachines

 
