You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/devtest-labs/encrypt-disks-customer-managed-keys.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,13 +17,13 @@ Server-side encryption (SSE) protects your data and helps you meet your organiza
17
17
In Azure DevTest Labs, all OS disks and data disks created in a lab are encrypted via platform-managed keys. However, as a lab owner, you can choose to manage the encryption of lab virtual machine disks by using your own keys. If you choose to manage encryption by using your own keys, you can specify a *customer-managed key* to use for encrypting data in lab disks. To learn more about SSE with customer-managed keys, and other managed disk encryption types, see [Customer-managed keys](/azure/virtual-machines/disk-encryption#customer-managed-keys). Also, see [restrictions with using customer-managed keys](/azure/virtual-machines/disks-enable-customer-managed-keys-portal#restrictions).
18
18
19
19
> [!NOTE]
20
-
> -The disk encryption setting applies to newly created disks in the lab. If you change the disk encryption set at some point, older disks in the lab will continue to be encrypted with the previous disk encryption set.
20
+
> The disk encryption setting applies to newly created disks in the lab. If you change the disk encryption set at some point, older disks in the lab will continue to be encrypted with the previous disk encryption set.
21
21
22
22
The following section shows how a lab owner can set up encryption with a customer-managed key.
23
23
24
24
## Prerequisites
25
25
26
-
- If you don't have a disk encryption set, complete the steps in this article to [set up a key vault and a disk encryption set](/azure/virtual-machines/disks-enable-customer-managed-keys-portal). Note the following requirements for the disk encryption set:
26
+
- If you don't have a disk encryption set, [complete the steps in this article to set up a key vault and a disk encryption set](/azure/virtual-machines/disks-enable-customer-managed-keys-portal). Note the following requirements for the disk encryption set:
27
27
28
28
- The disk encryption set needs to be in same region and subscription as your lab.
29
29
- The lab owner needs to have at least reader-level access to the disk encryption set that will be used to encrypt lab disks.
@@ -47,13 +47,13 @@ The following section shows how a lab owner can set up encryption with a custome
47
47
48
48
## Encrypt lab OS disks with a customer-managed key
49
49
50
-
1. On the overview page for your lab in the Azure portal, select **Configuration and policies** in the left menu.
51
-
1.On the **Configuration and policies** page, select **Disks (Preview)** in the **Encryption** section. By default, **Encryption type** is set to **Encryption at-rest with a platform managed key**.
50
+
1. On the overview page for your lab in the Azure portal, select **Configuration and policies** in the left pane.
51
+
1.In the left pane of the **Configuration and policies** page, select **Disks (Preview)** in the **Encryption** section. By default, **Encryption type** is set to **Encryption at-rest with a platform managed key**.
52
52
53
53
:::image type="content" source="./media/encrypt-disks-customer-managed-keys/disks-page.png" alt-text="Screenshot that shows the Disks pane in Configuration and policies." lightbox="./media/encrypt-disks-customer-managed-keys/disks-page.png":::
54
54
55
-
1.Under **Encryption type**, select **Encryption at-rest with a customer managed key**.
56
-
1.For **Disk encryption set**, select the disk encryption set you created earlier. It's the same disk encryption set that the system-assigned identity of the lab can access.
55
+
1.In the **Encryption type** box, select **Encryption at-rest with a customer managed key**.
56
+
1.In the **Disk encryption set** box, select the disk encryption set you created earlier. It's the same disk encryption set that the system-assigned identity of the lab can access.
57
57
1. Select **Save** at the top of the pane.
58
58
59
59
:::image type="content" source="./media/encrypt-disks-customer-managed-keys/disk-encryption-set.png" alt-text="Screenshot that shows the steps to complete in Configuration and policies." lightbox="./media/encrypt-disks-customer-managed-keys/disk-encryption-set.png":::
@@ -74,7 +74,7 @@ The following section shows how a lab owner can set up encryption with a custome
74
74
> [!div class="mx-imgBorder"]
75
75
> :::image type="content" source="./media/encrypt-disks-customer-managed-keys/vm-resource-group.png" alt-text="Screenshot that shows the VM in its resource group." lightbox="./media/encrypt-disks-customer-managed-keys/vm-resource-group.png":::
76
76
77
-
1. In the left pane, select **Encryption**. Validate that encryption is set to customer-managed key with the disk encryption set that you selected.
77
+
1. In the left pane, under **Settings**, select **Encryption**. Validate that encryption is set to customer-managed key with the disk encryption set that you selected.
78
78
79
79
> [!div class="mx-imgBorder"]
80
80
> :::image type="content" source="./media/encrypt-disks-customer-managed-keys/validate-encryption.png" alt-text="Screenshot that shows the encryption type of the VM.":::
0 commit comments