Unable to Enable Encryption at host for Azure VM

Tahami Rizwan 45 Reputation points

I'm attempting to enable Encryption at host for a virtual machine (VM) in Azure. I've confirmed that the "Microsoft.Compute" resource provider is registered in my Azure subscription, and when I run the necessary command to verify, it shows as registered. However, when I try to enable encryption at the host level for the VM's disk, I encounter the following error:

Failed to update 'abc-vm'. Error: The property 'securityProfile.encryptionAtHost' is not valid because the 'Microsoft.Compute/EncryptionAtHost' feature is not enabled for this subscription

Any guidance or assistance would be greatly appreciated.

  1. Chase, Justin M 0 Reputation points

    How do you do it through the Portal UI? I'm not running powershell.

Sign in to comment

2 answers

  1. Tushar Kumar 3,396 Reputation points MVP

    You must enable the feature for your subscription before you can use encryption at host for either your VM or Virtual Machine Scale Set. Use the following steps to enable the feature for your subscription:

    Azure portal: Select the Cloud Shell icon on the Azure portal:.

    👁 portal-launch-icon

    Execute the following command to register the feature for your subscription:

    Register-AzProviderFeature -FeatureName "EncryptionAtHost" -ProviderNamespace "Microsoft.Compute"

    Confirm that the registration state is Registered (registration may take a few minutes) using the following command before trying out the feature.

    Get-AzProviderFeature -FeatureName "EncryptionAtHost" -ProviderNamespace "Microsoft.Compute"

    https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-powershell#prerequisites

    Hopefully this will resolve your issue.

    Please click "Accept as answer" if this helps.

    1. Tahami Rizwan 45 Reputation points

      Yes First I enable this with same steps as mentioned . It shows as "Registered". but when again enable Encryption at host option and save it gives the same error

    2. Tushar Kumar 3,396 Reputation points MVP

      Can you try enabling with CLI/Powershell

    3. Tahami Rizwan 45 Reputation points

      I first register subscription's Resource Provider (Microsoft compute) and then with azure cloud shell and CLI but same response

    4. Tushar Kumar 3,396 Reputation points MVP

      Just to confirm you have registered the Feature as well using the command mentioned above.

    5. Tahami Rizwan 45 Reputation points

      yes followed same process

    Sign in to comment
  2. Prrudram-MSFT 28,506 Reputation points Moderator

    Hi Tahami Rizwan

    Did you check if the feature is enabled for the correct subscription id?
    In case of multiple subscriptions, you need to set the subscription context and then run the following

    az feature register --namespace Microsoft.Compute --name EncryptionAtHost
    https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli#prerequisites

    If you continue to see the same error, I recommend you open an Azure support case and Azure technical support team will be able to further investigate the issue and help with this. If you don't have the ability to open a technical support ticket, please let me know and I can help you further with this.

    1. Daniel Moldovan 10 Reputation points

      Thank you! I had the same issue, the feature appeared as 'Registered' under the Get-AzProviderFeature command, but I wasn't able to enable it on a vm. This command unlocked the feature for me.

    2. Aymen Glaied 0 Reputation points

      Hi
      Did you stop the vm first or did it work without it?

    Sign in to comment
Sign in to answer

Your answer