You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
description: Azure Storage protects your data by encrypting it at rest before persisting it to Storage clusters. You can rely on Microsoft-managed keys for the encryption of your managed disks, or you can use customer-managed keys to manage encryption with your own keys.
4
4
author: roygara
5
5
6
-
ms.date: 01/13/2020
6
+
ms.date: 01/10/2020
7
7
ms.topic: conceptual
8
8
ms.author: rogarana
9
9
ms.service: virtual-machines-windows
@@ -50,22 +50,14 @@ The following list explains the diagram in even more detail:
50
50
51
51
To revoke access to customer-managed keys, see [Azure Key Vault PowerShell](https://docs.microsoft.com/powershell/module/azurerm.keyvault/) and [Azure Key Vault CLI](https://docs.microsoft.com/cli/azure/keyvault). Revoking access effectively blocks access to all data in the storage account, as the encryption key is inaccessible by Azure Storage.
52
52
53
-
### Supported scenarios and restrictions
54
-
55
-
For now, only the following scenarios are supported:
53
+
### Supported regions
54
+
- Available as a GA offering in East US, West US 2, and South Central US.
55
+
- Available as a public preview in West Central US, East US 2, Canada Central, and North Europe.
56
56
57
-
- Create a virtual machine (VM) from an Azure Marketplace image and encrypt the OS disk with server-side encryption using customer-managed keys.
58
-
- Create a custom image encrypted with server-side encryption and customer-managed keys.
59
-
- Create a VM from a custom image and encrypt the OS disk using server-side encryption and customer-managed keys.
60
-
- Create data disks encrypted using server-side encryption and customer-managed keys.
61
-
- (CLI/PowerShell only) Create snapshots that are encrypted using server-side encryption and customer-managed keys.
62
-
- Create virtual machine scale sets that are encrypted with server-side encryption and customer-managed keys.
63
-
-["Soft" and "Hard" RSA keys](../../key-vault/about-keys-secrets-and-certificates.md#keys-and-key-types) of size 2080 are supported.
57
+
### Restrictions
64
58
65
59
For now, we also have the following restrictions:
66
60
67
-
- Available as a GA offering in East US, West US 2, and South Central US.
68
-
- Available as a public preview in West Central US, East US 2, Canada Central, and North Europe.
69
61
- Disks created from custom images that are encrypted using server-side encryption and customer-managed keys must be encrypted using the same customer-managed keys and must be in the same subscription.
70
62
- Snapshots created from disks that are encrypted with server-side encryption and customer-managed keys must be encrypted with the same customer-managed keys.
71
63
- Custom images encrypted using server-side encryption and customer-managed keys cannot be used in the shared image gallery.
0 commit comments