How to iterate through each disk associated with Azure VM and get the encryption status using PowerShell?


I want to first get the list of disks associated with a VM and then iterate through each disk's properties to identify whether the disk is Customer Managed Key (CMK) encrypted or not. How do I perform this check using Azure PowerShell?

Accepted answer:

Generally, to get the encryption status of the virtual machine, you can use the Get-AzVMDiskEncryptionStatus cmdlet with the following syntax:

Get-AzVmDiskEncryptionStatus -ResourceGroupName $resourceGroupName -VMName $vmName

You will see the encryption status of the operating system and the data volumes.

If OsVolumeEncrypted or DataVolumesEncrypted above displays Encrypted, you probably have the osDisk or dataDisk encrypted with CMK.

You could also capture the encryption settings from each disk by using the following PowerShell commands. For more details, you could read this article.

# Variables in PowerShell need the $ sigil; replace the placeholder values.
$RGNAME = "RGNAME"
$VMNAME = "VMNAME"

$VM = Get-AzVM -Name $VMNAME -ResourceGroupName $RGNAME

# OS disk: look up the managed disk by the name recorded in the VM's storage profile.
$Sourcedisk = Get-AzDisk -ResourceGroupName $RGNAME -DiskName $VM.StorageProfile.OsDisk.Name
Write-Host "=============================================================================="
Write-Host " OS disk Encryption Settings:"
Write-Host "=============================================================================="
Write-Host "Enabled:" $Sourcedisk.EncryptionSettingsCollection.Enabled
Write-Host "Version:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettingsVersion
Write-Host "Source Vault:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.DiskEncryptionKey.SourceVault.Id
Write-Host "Secret URL:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.DiskEncryptionKey.SecretUrl
Write-Host "Key URL:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.KeyEncryptionKey.KeyUrl
Write-Host "=============================================================================="

# Data disks: iterate over the disk names in the storage profile and fetch each disk.
foreach ($i in ($VM.StorageProfile.DataDisks | ForEach-Object { $_.Name }))
{
    Write-Host "=============================================================================="
    Write-Host "Data Disk Encryption Settings:"
    Write-Host "=============================================================================="
    Write-Host "Checking Disk:" $i
    $Sourcedisk = Get-AzDisk -ResourceGroupName $RGNAME -DiskName $i
    Write-Host "Encryption Enable: " $Sourcedisk.EncryptionSettingsCollection.Enabled
    Write-Host "Encryption KeyEncryptionKey: " $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.KeyEncryptionKey.KeyUrl
    Write-Host "Encryption DiskEncryptionKey: " $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.DiskEncryptionKey.SecretUrl
    Write-Host "=============================================================================="
}
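The following is an added example, not code from the answer above. It walks the OS disk and every data disk of a VM and reports, per disk, the server-side encryption type that Get-AzDisk returns in the disk's Encryption property. A customer-managed key (backed by a Disk Encryption Set) is reported there as EncryptionAtRestWithCustomerKey or EncryptionAtRestWithPlatformAndCustomerKeys, whereas EncryptionSettingsCollection, which the answer's script prints, describes Azure Disk Encryption (in-guest BitLocker/dm-crypt) and is a separate mechanism. It assumes the Az.Compute module is installed, Connect-AzAccount has been run, and the resource group and VM names are placeholders you replace; the function name Get-VMDiskEncryptionReport is this example's own.

```powershell
# Added example: report server-side encryption (SSE) type per disk of a VM.
# Assumes Az.Compute is installed and you are signed in with Connect-AzAccount.
param(
    [string]$ResourceGroupName = "RGNAME",   # placeholder
    [string]$VMName = "VMNAME"               # placeholder
)

function Get-VMDiskEncryptionReport {
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$VMName
    )

    $vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName

    # One list of (role, name) covering the OS disk and every data disk.
    $diskRefs = @(
        [pscustomobject]@{ Role = 'OS'; Name = $vm.StorageProfile.OsDisk.Name }
    )
    foreach ($d in $vm.StorageProfile.DataDisks) {
        $diskRefs += [pscustomobject]@{ Role = "Data(LUN $($d.Lun))"; Name = $d.Name }
    }

    foreach ($ref in $diskRefs) {
        $disk = Get-AzDisk -ResourceGroupName $ResourceGroupName -DiskName $ref.Name

        # SSE type. A customer-managed key appears as one of the two values below,
        # and the disk then references a Disk Encryption Set by resource id.
        $sseType = $disk.Encryption.Type
        $isCmk   = $sseType -in @('EncryptionAtRestWithCustomerKey',
                                  'EncryptionAtRestWithPlatformAndCustomerKeys')

        # Azure Disk Encryption (in-guest) is tracked separately from SSE/CMK.
        $adeEnabled = [bool]$disk.EncryptionSettingsCollection.Enabled

        [pscustomobject]@{
            VM                  = $VMName
            Role                = $ref.Role
            Disk                = $disk.Name
            SSEType             = $sseType
            CustomerManagedKey  = $isCmk
            DiskEncryptionSetId = $disk.Encryption.DiskEncryptionSetId
            ADEEnabled          = $adeEnabled
        }
    }
}

$report = Get-VMDiskEncryptionReport -ResourceGroupName $ResourceGroupName -VMName $VMName
$report | Format-Table -AutoSize

# Surface any disk that is not protected by a customer-managed key.
$notCmk = @($report | Where-Object { -not $_.CustomerManagedKey })
if ($notCmk.Count -gt 0) {
    Write-Warning ("{0} disk(s) on {1} are not CMK-encrypted: {2}" -f
        $notCmk.Count, $VMName, ($notCmk.Disk -join ', '))
}
```

Run it as a script with `.\Get-VMDiskEncryptionReport.ps1 -ResourceGroupName <rg> -VMName <vm>`; the function returns objects, so the same report can be piped to Export-Csv or run across `Get-AzVM` output for a whole resource group. Disks created before server-side encryption settings were exposed may have an empty Encryption property, which the script reports as a blank SSEType rather than as CMK.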