I actually did this once and it worked fine, but I had to create another VM and now it seems to be failing for some reason. So here are the steps that I followed in order to encrypt my C drive.

1. Created an AAD app on my Azure account along with a secret.
2. Created a VM and downloaded all the necessary tools to encrypt.
3. Created a key vault for my VM and ran the below script in Azure PowerShell:
# Resource group, VM, AAD application (client ID + secret) and key vault used for encryption
$rgName = 'ResourceGroup';
$vmName = 'VM';
$aadClientID = 'ID';
$aadClientSecret = 'secret';
$KeyVaultName = 'BitBucketKey';

# Look up the vault once and take its URL and resource ID from it
$KeyVault = Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgName;
$diskEncryptionKeyVaultUrl = $KeyVault.VaultUri;
$KeyVaultResourceId = $KeyVault.ResourceId;

# Let the AAD service principal read/write keys and secrets in the vault
Set-AzureRmKeyVaultAccessPolicy -VaultName $KeyVaultName -ServicePrincipalName $aadClientID -PermissionsToKeys all -PermissionsToSecrets all -ResourceGroupName $rgName;

# Allow the Azure platform to use the vault for disk encryption
Set-AzureRmKeyVaultAccessPolicy -VaultName $KeyVaultName -ResourceGroupName $rgName -EnabledForDiskEncryption;

# Enable the disk encryption extension on the VM using that vault
Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $rgName -VMName $vmName -AadClientID $aadClientID -AadClientSecret $aadClientSecret -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId;
No matter what I try (hardcoding all variables), I still get the same error below.

I know the key vault is enabled, but what's weird is that the key vault and resource ID I provide don't seem to match the error, even when I hardcode them. Ideas?

So apparently after you create a VM through Azure (both RM and classic) and create a vault on that VM, it seems to permanently stick with it. I ended up creating a new VM from scratch and it worked. If anyone knows different, please post here.
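A diagnostic script to run before enabling the extension, added here as an example and not part of the original post. It assumes the same variables as the script above ($rgName, $vmName, $aadClientID, $KeyVaultName) are already set in the session with the AzureRM modules loaded, and it reads back the vault that the OS disk already references so a mismatch with the vault being passed in is visible before the extension is invoked.

```powershell
# Added example (not from the original post). Assumes $rgName, $vmName,
# $aadClientID and $KeyVaultName are defined as in the script above.
$KeyVault = Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgName
$vm       = Get-AzureRmVM -ResourceGroupName $rgName -Name $vmName

# 1. The vault must be enabled for disk encryption by the platform
if (-not $KeyVault.EnabledForDiskEncryption) {
    Write-Warning "Vault $KeyVaultName is not enabled for disk encryption"
}

# 2. The AAD service principal needs key and secret permissions in the vault
$sp     = Get-AzureRmADServicePrincipal -ServicePrincipalName $aadClientID
$policy = $KeyVault.AccessPolicies | Where-Object { $_.ObjectId -eq $sp.Id }
if (-not $policy) {
    Write-Warning "No access policy in $KeyVaultName for service principal $aadClientID"
} else {
    "Keys: $($policy.PermissionsToKeys -join ',') Secrets: $($policy.PermissionsToSecrets -join ',')"
}

# 3. Any vault already recorded in the OS disk's encryption settings; if it differs
#    from the vault being passed in, that is the mismatch to investigate
$existing = $vm.StorageProfile.OsDisk.EncryptionSettings
if ($existing -and $existing.DiskEncryptionKey) {
    $recorded = $existing.DiskEncryptionKey.SourceVault.Id
    "OS disk already references vault: $recorded"
    if ($recorded -ne $KeyVault.ResourceId) {
        Write-Warning "Recorded vault differs from intended vault $($KeyVault.ResourceId)"
    }
} else {
    "OS disk has no encryption settings recorded yet"
}

# 4. Current encryption state as reported for the VM
Get-AzureRmVMDiskEncryptionStatus -ResourceGroupName $rgName -VMName $vmName
```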