How is Azure Disk Encryption different from Storage server-side encryption with customer-managed key and when should I use each solution?

Experience Level: Senior
Tags: Azure Cloud, Azure Storage, Azure Virtual Machines

Answer

Azure Disk Encryption provides end-to-end encryption for the OS disk, data disks, and the temporary disk with a customer-managed key.

If your requirements include encrypting all of the above and end-to-end encryption, use Azure Disk Encryption.
If your requirements include encrypting only data at rest with a customer-managed key, then use Server-side encryption with customer-managed keys. You cannot encrypt a disk with both Azure Disk Encryption and Storage server-side encryption with customer-managed keys.
If you are using a scenario called out in unsupported scenarios for Windows, consider Server-side encryption with customer-managed keys.
If your organization's policy allows you to encrypt content at rest with an Azure-managed key, then no action is needed - the content is encrypted by default. For managed disks, the content inside storage is encrypted by default with Server-side encryption with a platform-managed key. The key is managed by the Azure Storage service.