Skip to content

Commit 2c4438d

Browse files
PRMerger9PRMerger9
authored
Merge pull request #158610 from ejarvi/patch-28
Update disk-encryption-overview.md
2 parents 0f0f695 + c3ed07a commit 2c4438d

File tree

1 file changed

+3
-1
lines changed

1 file changed

+3
-1
lines changed

articles/virtual-machines/windows/disk-encryption-overview.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,8 @@ Azure Disk Encryption uses the BitLocker external key protector for Windows VMs.
6262

6363
BitLocker policy on domain joined virtual machines with custom group policy must include the following setting: [Configure user storage of BitLocker recovery information -> Allow 256-bit recovery key](/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings). Azure Disk Encryption will fail when custom group policy settings for BitLocker are incompatible. On machines that didn't have the correct policy setting, apply the new policy, force the new policy to update (gpupdate.exe /force), and then restarting may be required.
6464

65+
Azure Disk Encryption does not store recovery keys. If the [Interactive logon: Machine account lockout threshold](/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold) security setting is enabled, machines can only be recovered by providing a recovery key via the serial console. Instructions for ensuring the appropriate recovery policies are enabled can be found in the [Bitlocker recovery guide plan](/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan).
66+
6567
Azure Disk Encryption will fail if domain level group policy blocks the AES-CBC algorithm, which is used by BitLocker.
6668

6769
## Encryption key storage requirements
@@ -88,4 +90,4 @@ The following table defines some of the common terms used in Azure disk encrypti
8890
- [Azure Disk Encryption scenarios on Windows VMs](disk-encryption-windows.md)
8991
- [Azure Disk Encryption prerequisites CLI script](https://github.com/ejarvi/ade-cli-getting-started)
9092
- [Azure Disk Encryption prerequisites PowerShell script](https://github.com/Azure/azure-powershell/tree/master/src/Compute/Compute/Extension/AzureDiskEncryption/Scripts)
91-
- [Creating and configuring a key vault for Azure Disk Encryption](disk-encryption-key-vault.md)
93+
- [Creating and configuring a key vault for Azure Disk Encryption](disk-encryption-key-vault.md)

0 commit comments

Comments
 (0)