You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-machines/disk-encryption-overview.md
+5-4Lines changed: 5 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,7 +28,7 @@ Encryption is part of a layered approach to security and should be used with oth
28
28
29
29
Here's a comparison of Disk Storage SSE, ADE, encryption at host, and Confidential disk encryption.
30
30
31
-
|| Encryption at rest (OS and data disks) | Temp disk encryption | Encryption of caches | Data flows encrypted between Compute and Storage | Customer control of keys | Does not use your VM's CPU | Works for custom images | Enhanced Key Protection | Microsoft Defender for Cloud disk encryption status[^1]|
31
+
|| Encryption at rest (OS and data disks) | Temp disk encryption | Encryption of caches | Data flows encrypted between Compute and Storage | Customer control of keys | Does not use your VM's CPU | Works for custom images | Enhanced Key Protection | Microsoft Defender for Cloud disk encryption status*|
32
32
|--|--|--|--|--|--|--|--|--|--|
33
33
|**Azure Disk Storage Server-Side Encryption at rest**|✅|❌|❌|❌|✅ When configured with DES |✅|✅|❌| Unhealthy |
34
34
|**Azure Disk Encryption**|✅|✅|✅|✅|✅|❌|❌ Does not work for custom Linux images |❌| Healthy |
@@ -38,9 +38,10 @@ Here's a comparison of Disk Storage SSE, ADE, encryption at host, and Confidenti
38
38
> [!IMPORTANT]
39
39
> For Confidential disk encryption, Microsoft Defender for Cloud does not currently have a recommendation that is applicable.
40
40
41
-
[^1] Microsoft Defender for Cloud has the following disk encryption recommendations:
42
-
*[\[Preview\]: Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost.](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2f3dc5edcd-002d-444c-b216-e123bbfa37c0)
43
-
*[\[Preview\]: Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost.](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2fca88aadc-6e2b-416c-9de2-5a0f01d1693f)
41
+
\* Microsoft Defender for Cloud has the following disk encryption recommendations:
42
+
*[Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources] (https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F0961003e-5a0a-4549-abde-af6a37f2724d) (Only detects Azure Disk Encryption)
43
+
*[\[Preview\]: Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2f3dc5edcd-002d-444c-b216-e123bbfa37c0) (Detects both Azure Disk Encryption and EncryptionAtHost)
44
+
*[\[Preview\]: Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost](https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2fca88aadc-6e2b-416c-9de2-5a0f01d1693f) (Detects both Azure Disk Encryption and EncryptionAtHost)
0 commit comments