You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-machines/disk-encryption-overview.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
title: Overview of managed disk encryption options
3
3
description: Overview of managed disk encryption options
4
4
author: msmbaldwin
5
-
ms.date: 03/28/2023
5
+
ms.date: 04/05/2023
6
6
ms.topic: conceptual
7
7
ms.author: mbaldwin
8
8
ms.service: virtual-machines
@@ -18,7 +18,7 @@ There are several types of encryption available for your managed disks, includin
18
18
19
19
-**Encryption at host** is a Virtual Machine option that enhances Azure Disk Storage Server-Side Encryption to ensure that all temp disks and disk caches are encrypted at rest and flow encrypted to the Storage clusters. For full details, see [Encryption at host - End-to-end encryption for your VM data](./disk-encryption.md#encryption-at-host---end-to-end-encryption-for-your-vm-data).
20
20
21
-
-**Azure Disk Encryption** helps protect and safeguard your data to meet your organizational security and compliance commitments. ADE encrypts the OS and data disks of Azure virtual machines (VMs) inside your VMs by using the [DM-Crypt](https://wikipedia.org/wiki/Dm-crypt) feature of Linux or the [BitLocker](https://wikipedia.org/wiki/BitLocker) feature of Windows. ADE is integrated with Azure Key Vault to help you control and manage the disk encryption keys and secrets. For full details, see [Azure Disk Encryption for Linux VMs](./linux/disk-encryption-overview.md) or [Azure Disk Encryption for Windows VMs](./windows/disk-encryption-overview.md).
21
+
-**Azure Disk Encryption** helps protect and safeguard your data to meet your organizational security and compliance commitments. ADE encrypts the OS and data disks of Azure virtual machines (VMs) inside your VMs by using the [DM-Crypt](https://wikipedia.org/wiki/Dm-crypt) feature of Linux or the [BitLocker](https://wikipedia.org/wiki/BitLocker) feature of Windows. ADE is integrated with Azure Key Vault to help you control and manage the disk encryption keys and secrets, with the option to encrypt with a key encryption key (KEK). For full details, see [Azure Disk Encryption for Linux VMs](./linux/disk-encryption-overview.md) or [Azure Disk Encryption for Windows VMs](./windows/disk-encryption-overview.md).
22
22
23
23
-**Confidential disk encryption** binds disk encryption keys to the virtual machine's TPM and makes the protected disk content accessible only to the VM. The TPM and VM guest state is always encrypted in attested code using keys released by a secure protocol that bypasses the hypervisor and host operating system. Currently only available for the OS disk. Encryption at host may be used for other disks on a Confidential VM in addition to Confidential Disk Encryption. For full details, see [DCasv5 and ECasv5 series confidential VMs](../confidential-computing/confidential-vm-overview.md#confidential-os-disk-encryption).
24
24
@@ -34,7 +34,7 @@ Here's a comparison of Disk Storage SSE, ADE, encryption at host, and Confidenti
34
34
| Temp disk encryption |❌|✅|✅|❌|
35
35
| Encryption of caches |❌|✅|✅|✅|
36
36
| Data flows encrypted between Compute and Storage |❌|✅|✅|✅|
37
-
| Customer control of keys |✅ When configured with DES |✅ When configured with DES |✅|✅|
37
+
| Customer control of keys |✅ When configured with DES |✅ When configured with DES |✅When configured with KEK |✅ When configured with DES|
38
38
| Does not use your VM's CPU |✅|✅|❌|❌|
39
39
| Works for custom images |✅|✅|❌ Does not work for custom Linux images |✅|
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments