Do Not Use Azure Disk Encryption Anymore – Migrate to Server-Side Encryption (SSE) of Azure Disk

Azure Disk Encryption is scheduled for retirement on September 15, 2028. Until that date, you can continue to use Azure Disk Encryption without disruption. On September 15, 2028, ADE-enabled workloads will continue to run, but encrypted disks will fail to unlock after VM reboots, resulting in service disruption.

🔹 Feature: Do Not Use Azure Disk Encryption Anymore – Migrate to Server-Side Encryption (SSE) of Azure Disk

🔹 What It Does: Encrypts your managed disks with server-side encryption, which is now the recommended solution for all VMs in Azure.

For high-security and compliance-focused customers, SSE is the clear choice:

✅ High-Security Options: Sensitive workloads can use double encryption at rest, adding another protection layer.  

✅ Encryption at Host for Temp Disks: Remember, temporary disks are not managed disks and are not encrypted by SSE unless you enable encryption at host.  

✅ Customer-Managed Keys (CMK): Fully supported and recommended for production workloads.  

✅ Cross-Tenant Disk Encryption: Encrypt managed disks using cross-tenant CMKs, supporting distributed enterprise environments.  

✅ Enhanced Confidential VM Protection: Azure Confidential VMs now support a new, stronger disk encryption scheme for sensitive workloads.  

✅ We are still waiting for support for using your own HSMs for disk encryption, which will give you even more control.  

Compare all encryption options here:  

🌐 https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption-overview#comparison
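
An added example (not from Microsoft or from this post) for planning the migration: it reads VM inventory JSON and flags VMs that still carry the ADE extension, and VMs without encryption at host, whose temp disks SSE does not cover. The JSON shape (fields as in `az vm list -o json` output), the sample VMs, the finding labels and the function names are assumptions constructed for illustration.

```python
import json

# Constructed sample, shaped like `az vm list -o json` output (assumed shape;
# only the fields read below are included). VM names are made up.
SAMPLE_VMS = json.loads("""
[
  {"name": "vm-legacy-win", "securityProfile": null,
   "resources": [{"name": "AzureDiskEncryption",
                  "publisher": "Microsoft.Azure.Security",
                  "typePropertiesType": "AzureDiskEncryption"}]},
  {"name": "vm-legacy-linux", "securityProfile": {"encryptionAtHost": false},
   "resources": [{"name": "ade",
                  "properties": {"publisher": "Microsoft.Azure.Security",
                                 "type": "AzureDiskEncryptionForLinux"}}]},
  {"name": "vm-sse-only", "securityProfile": null, "resources": null},
  {"name": "vm-sse-host", "securityProfile": {"encryptionAtHost": true},
   "resources": []}
]
""")

# Extension types used by Azure Disk Encryption on Windows and Linux VMs.
ADE_EXTENSION_TYPES = {"AzureDiskEncryption", "AzureDiskEncryptionForLinux"}

def extension_type(ext):
    """Return the extension type from the CLI-flattened or the nested shape."""
    return ext.get("typePropertiesType") or (ext.get("properties") or {}).get("type")

def uses_ade(vm):
    """True if the VM still carries an ADE extension."""
    return any(extension_type(e) in ADE_EXTENSION_TYPES
               for e in (vm.get("resources") or []))

def encryption_at_host(vm):
    """True only if encryption at host is explicitly enabled."""
    return bool((vm.get("securityProfile") or {}).get("encryptionAtHost"))

def classify(vm):
    if uses_ade(vm):
        return "migrate"    # ADE in use: plan the move to SSE
    if not encryption_at_host(vm):
        return "temp-disk"  # SSE covers managed disks only, not the temp disk
    return "ok"

def audit(vms):
    """Map VM name -> finding for every VM in the inventory."""
    return {vm["name"]: classify(vm) for vm in vms}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_VMS).items():
        print(f"{name:16} {finding}")
```

To audit a real subscription, replace `SAMPLE_VMS` with the parsed JSON of your own VM inventory export.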
