azure-cli: Error using disk encryption

Describe the bug az disk encryption Failed. VM has reported a failure when processing extension ‘AzureDiskEncryption’. Error message: "Failed to configure bitlocker as expected. Exception: Access denied, InnerException: , stack trace: at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.UploadBekToKeyVault(EncryptableVolume vol, String protectorId, Boolean saveKeyToBekVolume) To Reproduce Steps to reproduce the behavior.

Expected behavior A clear and concise description of what you expected to happen.

Environment summary Install Method (e.g. pip, interactive script, apt-get, Docker, MSI, edge build) / CLI version (az --version) / OS version / Shell Type (e.g. bash, cmd.exe, Bash on Windows)

Additional context Add any other context about the problem here.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 16 (7 by maintainers)

Most upvoted comments

The new version eliminates this requirement. More on this is available here: https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites-aad

+2
ejarvi on Mar 12, 2019

Yes . When I create a Windows VM the OS Disk is created automatically. Then i create a Data disk and save. I run this command from CLI to encrypt “az vm encryption enable -g resourceGroup -n myVM --disk-encryption myVault --volume-type All” it runs but only Enrypts osDisk not dataDisk . It does not give me an error message.

+1
Aaronmcd1978 on Mar 13, 2019
Read more comments on GitHub
← azure-cli: Error uploading file using `az storage file upload` on az cli 2.54.0
azure-cli: Error when providing relative path to json file with --settings parameter →