Azure Disk Encryption – upgrade from Azure AD
The old version of Azure Disk Encryption, the one that works with an Azure AD app, uses the AzureDiskEncryption extension version 1.*.
The new Azure Disk Encryption uses the AzureDiskEncryption extension version 2.*. Switching an already encrypted VM away from AAD application encryption isn't supported yet.
Here is an unofficial, unsupported way:
- On the VM, in PowerShell running as Administrator, disable encryption first:
manage-bde -status # write down the recovery password
Suspend-BitLocker -MountPoint "C:" -RebootCount 0
manage-bde -off c:
manage-bde -status
- Using regedit, delete the following:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Azure\BitlockerExtension
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Azure\HandlerState\Microsoft.Azure.Security.AzureDiskEncryption_1.1.0.4
- Delete the directory:
C:\Packages\Plugins\Microsoft.Azure.Security.AzureDiskEncryption\
- After that you must shut down the VM, not reboot it (!), because on a reboot the Azure Agent installs the extension again. Once the VM is switched off, follow this:
https://rzetelnekursy.pl/azure-disk-encryption-troubleshooting/
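A read-only check to run on the VM just before the shutdown step, added here as an example and not part of the original procedure: it waits until the decryption started by manage-bde -off has finished and then reports whether any of the registry keys or the plugin directory listed above are still present. Matching every 1.* handler version with a wildcard, rather than only 1.1.0.4, is an assumption.

```powershell
# Added example (not from the original post). Read-only: it changes nothing.
# Run in an elevated PowerShell session on the VM, before shutting it down.
$mount     = 'C:'
$azureKey  = 'HKLM:\Software\Microsoft\Windows Azure'
$pluginDir = 'C:\Packages\Plugins\Microsoft.Azure.Security.AzureDiskEncryption'

# manage-bde -off returns at once and decrypts in the background, so poll
# until the volume reports FullyDecrypted.
do {
    $vol = Get-BitLockerVolume -MountPoint $mount
    Write-Host ("{0} {1}, {2}% still encrypted" -f $mount, $vol.VolumeStatus, $vol.EncryptionPercentage)
    $done = $vol.VolumeStatus -eq 'FullyDecrypted'
    if (-not $done) { Start-Sleep -Seconds 30 }
} until ($done)

# Collect anything from the old 1.* extension that is still present.
$leftovers = @()
if (Test-Path "$azureKey\BitlockerExtension") {
    $leftovers += "$azureKey\BitlockerExtension"
}
# Assumption: match any 1.* handler version, not only _1.1.0.4 as in the post.
Get-ChildItem "$azureKey\HandlerState" -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'Microsoft.Azure.Security.AzureDiskEncryption_1.*' } |
    ForEach-Object { $leftovers += $_.Name }
if (Test-Path $pluginDir) { $leftovers += $pluginDir }

if ($leftovers.Count -eq 0) {
    Write-Host 'Volume decrypted and no old extension state found: ready for the shutdown step.'
} else {
    Write-Warning 'Still present, remove before shutting down:'
    $leftovers | ForEach-Object { Write-Warning "  $_" }
}
```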