![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 15%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
8,093 questions
Hello @Shivam Singh
Encryption at host is supported for all disk types in Azure, including standard HDD, standard SSD, premium SSD, and ultra disks. However, there are some restrictions on the VM sizes that support encryption at host, like Legacy VM Sizes aren't supported which you can find in the Azure documentation.
Setting up encryption at host does not require a key vault or disk encryption sets. However, if you want to use customer-managed keys (CMK) for encryption at host, you will need to create a key vault and configure it to use CMK. There may be additional costs associated with using CMK, depending on the key vault pricing and the number of keys you need to manage. Enabling encryption at host should not have a significant impact on disk or VM restoration, backup, or other operations. However, it is important to note that encryption at host does not protect against data loss due to accidental deletion, corruption, or other issues.
You should still follow best practices for data backup and recovery to ensure that your data is protected. One potential drawback of enabling encryption at host is that it may increase the time required to create or restore VMs, since the encryption process must be completed before the VM can be used. However, this should not have a significant impact on most workloads, and the benefits of encryption at host generally outweigh any potential drawbacks.
Hope this helps, feel free to tag me in comments for any queries.
If I have answered your query, please click "Accept as answer" as a token of appreciation