New disk based on ADE disk snapshot doesn't have ADE enabled?

Hi everyone,

I would like to make sure if this is an intended behavior when a new disk that was based on Azure Disk Encryption (ADE) disk snapshot.

I have an ADE VM that I did a snapshot of its OS disk. I did confirm that it has ADE enabled.

Then I created a new disk based on the snapshot.
And finally I created a VM with that new disk attached.
But when I checked the VM's disk properties, it has the ADE as "Not Enabled."

Is this the intended behavior? Just want to make sure.

Thank you

  1. Keshavulu Dasari 4,925 Reputation points β€’ Microsoft External Staff β€’ Moderator

    Hi Handinata Tanudjaja ,

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.

  2. Keshavulu Dasari 4,925 Reputation points β€’ Microsoft External Staff β€’ Moderator

    Hi Handinata Tanudjaja ,

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.

  3. HandinataTanudjaja-6677 380 Reputation points

    Thank you for the answer.
    I actually found the issue why the disk didn't stay enabled.
    What I need to do is to create the VM from the disk page. That will make the ADE stays enabled actually.

  4. Keshavulu Dasari 4,925 Reputation points β€’ Microsoft External Staff β€’ Moderator

    @ Handinata Tanudjaja,

    Great that out! Yes, creating the VM directly from the disk page ensures that the ADE settings are retained.

    Please do not forget to "Accept the answer” and β€œup-vote” wherever the information provided helps you, this can be beneficial to other community members ,. Your contribution is highly appreciated.__
    __
    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be glad to assist you

Sign in to comment

1 answer

  1. Keshavulu Dasari 4,925 Reputation points β€’ Microsoft External Staff β€’ Moderator

    Hi Handinata Tanudjaja ,

    Yes, this behavior is expected. When you create a new disk from a snapshot of an Azure Disk Encryption enabled disk, the encryption settings do not automatically carry over to the new disk. You need to re-enable ADE on the new disk after it has been created

    To ensure the new disk has ADE enabled,

    1.Attach the new disk to a VM.

    2.Enable ADE on the new disk using the Azure portal, PowerShell, or CLI.

    This process ensures that the new disk is encrypted and meets your security requirements.

    For more information:

    https://learn.microsoft.com/en-us/azure/virtual-machines/image-version-encryption?tabs=PowerShell

    https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption-overview

    Please do not forget to "Accept the answer” and β€œup-vote” wherever the information provided helps you, this can be beneficial to other community members.           

    πŸ‘ User's image

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.

    0 comments No comments
    Sign in to comment
Sign in to answer

Your answer