How To Encrypt an Existing Azure VM Disks

In this blog post, I will show you how I encrypt an existing Azure virtual machine operating system and data disk.

By default, Azure offers at rest and transit encryption; both technologies provide high security.

On top of the default encryption, Azure offers disk drive encryption using Azure key vault.

Get Started

To encrypt an existing VM, we will need to create an Azure Key Vault in the same region as our VM.

We can create the Key vault at the same time we enable Encryption as you will see.


To encrypt my VM, I will open it in the Azure portal and click on Disks.

From the disks page, I will click on Encryption.

From the encryption screen, I will select the disks I would like to encrypt.

After selecting the disks, I will click on Select a key vault and key for encryption

From the Key vault menu, I will create a new Key vault in the same region.

From the create key wizard, I will select the key time.

When the key has been created, I will be redirected back the to VM encryption menu as shown below.

After clicking Save, Azure will display the message below that the VM will be restarted.

Check that VM in Encryption

To check that the VM is encrypted, after the restart, I will click on Disks and review the value under Encryption.

Success! You're on the list.