Not able to enable EncryptionAtHost due to previous fail to encrypt VM disk

jazzspeed 25 Reputation points
2024-11-09T12:19:40.1766667+00:00

Hello,

I have just tried to encrypt an Ubuntu VM disk but failed because the minimum RAM requirement was not met.

So then I tried to enable "EncryptionAtHost" instead. (I have enabled the EncryptionAtHost feature as per the instructions at the following URL: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli)

However, it kept giving me the following error message:

Failed to update 'vmname***************'. Error: Encryption at host is not allowed for a VM having disks that were encrypted with Azure Disk Encryption.

I can confirm there is no encryption on that VM. I have also tried a few PowerShell commands like:

Disable-AzVMDiskEncryption

Remove-AzVMDiskEncryptionExtension

And based on the Get-AzVMDiskEncryptionStatus command, the results also show nothing encrypted:

OsVolumeEncrypted : NotEncrypted

DataVolumesEncrypted : NotEncrypted

OsVolumeEncryptionSettings :

ProgressMessage : No Encryption extension or metadata found on the VM

Similarly, on the "Overview" screen, it is showing:

Azure disk encryption: Not enabled

Could anyone kindly share if they have ever had a similar experience and how to resolve this issue, please?

Thank you & Best regards,

Azure Disk Encryption
An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.

1 answer

  1. Nehruji R 8,151 Reputation points Microsoft Vendor
    2024-11-11T05:24:19.1433333+00:00

    Hello jazzspeed,

    Greetings! Welcome to Microsoft Q&A Platform.

    Azure Disk Encryption and Encryption at Host are different features. Azure Disk Encryption uses the DM-Crypt feature of Linux to provide volume encryption, while Encryption at Host encrypts data at the host level before it is written to the disk. Encryption at Host can't be enabled on virtual machines (VMs) or virtual machine scale sets that currently have, or have ever had, Azure Disk Encryption enabled. You will need to recreate the VM in order to enable Encryption at Host. Apologies for the inconvenience with this limitation.

    refer - https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-powershell

    There are several options available for doing this, depending on the type of VM and the operating system it is running. One option is to use Azure Disk Encryption, which is a feature of Azure that enables you to encrypt the OS and data disks of your VMs using BitLocker on Windows VMs or DM-Crypt on Linux VMs. To enable Azure Disk Encryption on an existing VM, you will need to follow the steps outlined in the Azure documentation:

    1. Make sure that the VM meets the prerequisites for Azure Disk Encryption.
    2. Install the Azure Disk Encryption Extension on the VM.
    3. Create an Azure Key Vault and grant the required permissions to the VM.
    4. Use Azure PowerShell or Azure CLI to enable Azure Disk Encryption on the VM.

    Another option is to use Azure Confidential Computing, which is a feature of Azure that enables you to encrypt data in use on VMs using hardware-based trusted execution environments (TEEs). To enable Azure Confidential Computing on an existing VM, you will need to follow the steps outlined in the Azure documentation:

    1. Make sure that the VM meets the prerequisites for Azure Confidential Computing.
    2. Install the Azure Confidential Computing Extension on the VM.
    3. Use Azure PowerShell or Azure CLI to enable Azure Confidential Computing on the VM.

    Similar threads for reference:
    https://learn.microsoft.com/en-us/answers/questions/739983/how-to-encrypt-the-temp-disks-caches-and-data-flow
    https://learn.microsoft.com/en-us/answers/questions/843946/has-anybody-enable-azure-encryption-at-host-what-i

    Hope this information helps! Please let us know if you have any further queries. I'm happy to assist you further.


    Please "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.

    0 comments
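As an added example (not code from the question, the answer, or Microsoft's documentation), the following PowerShell puts the checks discussed above in one place: it confirms the subscription-level EncryptionAtHost feature is registered, reads the VM's Azure Disk Encryption status and its current SecurityProfile, and then attempts to enable Encryption at Host on the deallocated VM. The resource group and VM names are placeholders; it assumes the Az.Compute and Az.Resources modules and an authenticated context (Connect-AzAccount). The catch branch is where the "not allowed for a VM having disks that were encrypted with Azure Disk Encryption" error from the question surfaces, which is why the final status report alone is not enough to predict success.

```powershell
# Added example, not the original poster's or Microsoft's code.
# Assumes Az.Compute / Az.Resources and an existing Connect-AzAccount session.
param(
    [string]$ResourceGroupName = 'rg-example',   # placeholder, assumed
    [string]$VMName            = 'vm-example'    # placeholder, assumed
)

# 1. The subscription feature flag must be Registered before any VM can use it.
$feature = Get-AzProviderFeature -FeatureName 'EncryptionAtHost' -ProviderNamespace 'Microsoft.Compute'
if ($feature.RegistrationState -ne 'Registered') {
    Register-AzProviderFeature -FeatureName 'EncryptionAtHost' -ProviderNamespace 'Microsoft.Compute' | Out-Null
    throw "EncryptionAtHost feature state is '$($feature.RegistrationState)'. Registration requested; re-run once it reports Registered."
}

# 2. Read the ADE status (what Get-AzVMDiskEncryptionStatus reports today) and the
#    VM's security profile (whether encryption at host is already on).
$vm  = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName
$ade = Get-AzVMDiskEncryptionStatus -ResourceGroupName $ResourceGroupName -VMName $VMName

[pscustomobject]@{
    VM                   = $vm.Name
    OsVolumeEncrypted    = $ade.OsVolumeEncrypted
    DataVolumesEncrypted = $ade.DataVolumesEncrypted
    EncryptionAtHost     = $vm.SecurityProfile.EncryptionAtHost
} | Format-List

if ($vm.SecurityProfile.EncryptionAtHost) {
    Write-Output 'Encryption at host is already enabled; nothing to do.'
    return
}

# 3. The setting can only be changed while the VM is deallocated.
Stop-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName -Force | Out-Null

try {
    # A VM that ever had ADE applied is rejected here, even when the status
    # above reads NotEncrypted for both OS and data volumes.
    Update-AzVM -ResourceGroupName $ResourceGroupName -VM $vm -EncryptionAtHost $true -ErrorAction Stop | Out-Null
    Write-Output 'Encryption at host enabled.'
}
catch {
    Write-Warning "Could not enable encryption at host: $($_.Exception.Message)"
    Write-Warning 'If ADE was ever enabled on this VM, recreate the VM with encryption at host set at creation time.'
}
finally {
    # Bring the VM back regardless of the outcome.
    Start-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName | Out-Null
}
```

Running this before touching the portal saves a deallocate/start cycle when the feature flag is still Pending, and the warning path makes the ADE history limitation visible rather than leaving it to the generic "Failed to update" banner. For the recreate path the answer points to, the same setting is supplied at creation time (for example through New-AzVMConfig's -EncryptionAtHost switch) instead of via Update-AzVM.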
