Azure Disk Encryption
E937637
Azure Disk Encryption is a Microsoft Azure security feature that encrypts virtual machine disks using industry-standard encryption technologies to protect data at rest in the cloud.
Statements (44)
| Predicate | Object |
|---|---|
| instanceOf | Azure security feature; disk encryption technology |
| appliesTo | Azure virtual machine disks |
| category | cloud security; data protection |
| configuration | enabled at the VM or disk level |
| dependsOn | Azure Active Directory identities for key access; Azure Key Vault access policies |
| developedBy | Microsoft |
| documentationURL | https://learn.microsoft.com/azure/virtual-machines/disk-encryption-overview |
| encrypts | Azure VM temporary disks (in some configurations); OS disks; data disks |
| goal | prevent unauthorized access to data if disks are stolen or copied |
| helpsMeet | regulatory requirements for data protection |
| improves | compliance posture |
| integratesWith | Azure Security Center (now Microsoft Defender for Cloud) recommendations |
| management | configurable via Azure CLI; configurable via Azure Portal; configurable via Azure PowerShell; configurable via Azure Resource Manager templates |
| partOf | Microsoft Azure |
| protects | data at rest |
| provides | encryption at rest for Azure VM disks |
| regionAvailability | most Azure public regions |
| requires | Azure Key Vault for key management; supported VM sizes and OS images |
| scope | Infrastructure as a Service virtual machines |
| securityProperty | confidentiality of stored data; defense in depth for Azure workloads |
| stores | encryption keys in Azure Key Vault |
| supports | Azure Resource Manager-based deployments; Linux virtual machines; Windows virtual machines; customer-managed keys; encryption of attached data volumes; encryption of boot volume; encryption of both managed and unmanaged disks (subject to platform support lifecycle); encryption status reporting via Azure APIs; platform-managed keys (depending on configuration and evolution of service); role-based access control for key operations via Azure Key Vault |
| uses | BitLocker; DM-Crypt; industry-standard encryption technologies |