Merge pull request #232728 from divargas-msft/patch-8

Stacyrch140 · web-flow · commit 407718738bed · 2023-03-29T22:51:05.000-04:00
[Doc-a-thon] Updating disks-enable-host-based-encryption-cli
diff --git a/articles/virtual-machines/linux/disks-enable-host-based-encryption-cli.md b/articles/virtual-machines/linux/disks-enable-host-based-encryption-cli.md
@@ -4,7 +4,7 @@ description: Use encryption at host to enable end-to-end encryption on your Azur
 author: roygara
 ms.service: storage
 ms.topic: how-to
-ms.date: 03/28/2023
+ms.date: 03/29/2023
 ms.author: rogarana
 ms.subservice: disks
 ms.custom: references_regions, devx-track-azurecli
@@ -31,17 +31,16 @@ You must enable the feature for your subscription before you use the EncryptionA
 
 - Execute the following command to register the feature for your subscription
 
-```azurecli
+```azurecli-interactive
 az feature register --namespace Microsoft.Compute --name EncryptionAtHost
 ```
- 
+
 - Check that the registration state is **Registered** (takes a few minutes) using the command below before trying out the feature.
 
-```azurecli
+```azurecli-interactive
 az feature show --namespace Microsoft.Compute --name EncryptionAtHost
 ```
 
-
 ### Create resources
 
 > [!NOTE]
@@ -53,16 +52,16 @@ Once the feature is enabled, you need to set up a DiskEncryptionSet and either a
 
 ## Example scripts
 
-### Create a VM with encryption at host enabled with customer-managed keys. 
+### Create a VM with encryption at host enabled with customer-managed keys
 
-Create a VM with managed disks using the resource URI of the DiskEncryptionSet created earlier to encrypt cache of OS and data disks with customer-managed keys. The temp disks are encrypted with platform-managed keys. 
+Create a VM with managed disks using the resource URI of the DiskEncryptionSet created earlier to encrypt cache of OS and data disks with customer-managed keys. The temp disks are encrypted with platform-managed keys.
 
-```azurecli
+```azurecli-interactive
 rgName=yourRGName
 vmName=yourVMName
 location=eastus
 vmSize=Standard_DS2_v2
-image=UbuntuLTS 
+image=LinuxImageURN 
 diskEncryptionSetName=yourDiskEncryptionSetName
 
 diskEncryptionSetId=$(az disk-encryption-set show -n $diskEncryptionSetName -g $rgName --query [id] -o tsv)
@@ -79,16 +78,16 @@ az vm create -g $rgName \
 --data-disk-encryption-sets $diskEncryptionSetId $diskEncryptionSetId
 ```
 
-### Create a VM with encryption at host enabled with platform-managed keys. 
+### Create a VM with encryption at host enabled with platform-managed keys
 
-Create a VM with encryption at host enabled to encrypt cache of OS/data disks and temp disks with platform-managed keys. 
+Create a VM with encryption at host enabled to encrypt cache of OS/data disks and temp disks with platform-managed keys.
 
-```azurecli
+```azurecli-interactive
 rgName=yourRGName
 vmName=yourVMName
 location=eastus
 vmSize=Standard_DS2_v2
-image=UbuntuLTS 
+image=LinuxImageURN 
 
 az vm create -g $rgName \
 -n $vmName \
@@ -100,9 +99,9 @@ az vm create -g $rgName \
 --data-disk-sizes-gb 128 128 \
 ```
 
-### Update a VM to enable encryption at host. 
+### Update a VM to enable encryption at host
 
-```azurecli
+```azurecli-interactive
 rgName=yourRGName
 vmName=yourVMName
 
@@ -113,7 +112,7 @@ az vm update -n $vmName \
 
 ### Check the status of encryption at host for a VM
 
-```azurecli
+```azurecli-interactive
 rgName=yourRGName
 vmName=yourVMName
 
@@ -122,12 +121,11 @@ az vm show -n $vmName \
 --query [securityProfile.encryptionAtHost] -o tsv
 ```
 
-
-### Update a VM to disable encryption at host. 
+### Update a VM to disable encryption at host
 
 You must deallocate your VM before you can disable encryption at host.
 
-```azurecli
+```azurecli-interactive
 rgName=yourRGName
 vmName=yourVMName
 
@@ -136,24 +134,24 @@ az vm update -n $vmName \
 --set securityProfile.encryptionAtHost=false
 ```
 
-### Create a Virtual Machine Scale Set with encryption at host enabled with customer-managed keys. 
+### Create a Virtual Machine Scale Set with encryption at host enabled with customer-managed keys
 
 Create a Virtual Machine Scale Set with managed disks using the resource URI of the DiskEncryptionSet created earlier to encrypt cache of OS and data disks with customer-managed keys. The temp disks are encrypted with platform-managed keys. 
 
-```azurecli
+```azurecli-interactive
 rgName=yourRGName
 vmssName=yourVMSSName
 location=westus2
 vmSize=Standard_DS3_V2
-image=UbuntuLTS 
+image=LinuxImageURN  
 diskEncryptionSetName=yourDiskEncryptionSetName
 
 diskEncryptionSetId=$(az disk-encryption-set show -n $diskEncryptionSetName -g $rgName --query [id] -o tsv)
 
 az vmss create -g $rgName \
 -n $vmssName \
 --encryption-at-host \
---image UbuntuLTS \
+--image $image \
 --upgrade-policy automatic \
 --admin-username azureuser \
 --generate-ssh-keys \
@@ -162,30 +160,30 @@ az vmss create -g $rgName \
 --data-disk-encryption-sets $diskEncryptionSetId $diskEncryptionSetId
 ```
 
-### Create a Virtual Machine Scale Set with encryption at host enabled with platform-managed keys. 
+### Create a Virtual Machine Scale Set with encryption at host enabled with platform-managed keys
 
 Create a Virtual Machine Scale Set with encryption at host enabled to encrypt cache of OS/data disks and temp disks with platform-managed keys. 
 
-```azurecli
+```azurecli-interactive
 rgName=yourRGName
 vmssName=yourVMSSName
 location=westus2
 vmSize=Standard_DS3_V2
-image=UbuntuLTS 
+image=LinuxImageURN 
 
 az vmss create -g $rgName \
 -n $vmssName \
 --encryption-at-host \
---image UbuntuLTS \
+--image $image \
 --upgrade-policy automatic \
 --admin-username azureuser \
 --generate-ssh-keys \
 --data-disk-sizes-gb 64 128 \
 ```
 
-### Update a Virtual Machine Scale Set to enable encryption at host. 
+### Update a Virtual Machine Scale Set to enable encryption at host
 
-```azurecli
+```azurecli-interactive
 rgName=yourRGName
 vmssName=yourVMName
 
@@ -196,7 +194,7 @@ az vmss update -n $vmssName \
 
 ### Check the status of encryption at host for a Virtual Machine Scale Set
 
-```azurecli
+```azurecli-interactive
 rgName=yourRGName
 vmssName=yourVMName
 
@@ -205,11 +203,11 @@ az vmss show -n $vmssName \
 --query [virtualMachineProfile.securityProfile.encryptionAtHost] -o tsv
 ```
 
-### Update a Virtual Machine Scale Set to disable encryption at host. 
+### Update a Virtual Machine Scale Set to disable encryption at host
 
 You can disable encryption at host on your Virtual Machine Scale Set but, this will only affect VMs created after you disable encryption at host. For existing VMs, you must deallocate the VM, [disable encryption at host on that individual VM](#update-a-vm-to-disable-encryption-at-host), then reallocate the VM.
 
-```azurecli
+```azurecli-interactive
 rgName=yourRGName
 vmssName=yourVMName
 
@@ -245,7 +243,7 @@ When calling the [Resource Skus API](/rest/api/compute/resourceskus/list), check
 
 For the Azure PowerShell module, use the [Get-AzComputeResourceSku](/powershell/module/az.compute/get-azcomputeresourcesku) cmdlet.
 
-```powershell
+```azurepowershell-interactive
 $vmSizes=Get-AzComputeResourceSku | where{$_.ResourceType -eq 'virtualMachines' -and $_.Locations.Contains('CentralUSEUAP')} 
 
 foreach($vmSize in $vmSizes)
