This PowerShell script deploys a complete, encrypted test environment: one virtual machine (Windows Server 2016) with one data disk, a Virtual Network, a Subnet, a Public IP Address, a Network Security Group, and the BGInfo and Azure Disk Encryption VM extensions.


The script executes the following steps:

Step 1. Create a Resource Group
Step 2. Create an Azure Active Directory (AAD) service principal
Step 3. Create the AAD application
Step 4. Create an Azure Key Vault
Step 5. Create a cryptographic key in the Key Vault (the key encryption key used by Disk Encryption)
Step 6. Grant the AAD application access to the Key Vault keys and secrets
Step 7. Create the Virtual Machine
Step 8. Enable the BGInfo extension
Step 9. Enable the Disk Encryption extension and encrypt the OS disk

Every step in the script can also be used on its own as a separate PowerShell code block. A full run of the script takes about 15 to 20 minutes, most of it spent creating the VM and encrypting the OS disk.
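The nine steps above as one PowerShell session, added here as an example and not the TechNet script itself. It uses the current Az modules (Az.Accounts, Az.Resources 5.x or later, Az.KeyVault, Az.Compute) rather than the AzureRm cmdlets the original script was written against, and assumes Connect-AzAccount has already been run. All names (resource group, application, vault, VM, key, disk size and VM size) are placeholders; the Key Vault name must be globally unique.

```powershell
# Added example, not the original Auto-Deploy-VM-DiskEncryption.ps1.
# Assumes Az.Accounts, Az.Resources (5.x+, Microsoft Graph based), Az.KeyVault
# and Az.Compute, and that Connect-AzAccount has been run. All names are placeholders.

$SubscriptionName = 'My Subscription'
$RGName           = 'MyResourceGroupName'
$Location         = 'westeurope'
$ApplicationName  = 'MyAADApplication'
$KVName           = 'MyKeyVaultName'        # must be globally unique
$VMName           = 'MyVMName'
$KeyName          = 'MyDiskEncryptionKEK'   # hypothetical key name

Set-AzContext -SubscriptionName $SubscriptionName | Out-Null

# Step 1. Resource group
New-AzResourceGroup -Name $RGName -Location $Location -Force | Out-Null

# Steps 2-3. AAD application plus its service principal. The client secret is
# generated by Azure and returned only once, so capture it now.
$app    = New-AzADApplication -DisplayName $ApplicationName
$secret = New-AzADAppCredential -ApplicationId $app.AppId
$sp     = New-AzADServicePrincipal -ApplicationId $app.AppId
$AadClientId     = $app.AppId
$AadClientSecret = $secret.SecretText

# Step 4. Key Vault enabled for disk encryption, so the VM extension is allowed
# to store the wrapped BitLocker secret in it.
$kv = New-AzKeyVault -VaultName $KVName -ResourceGroupName $RGName `
        -Location $Location -EnabledForDiskEncryption

# Step 5. Key encryption key (KEK). -Destination Software keeps it in the
# vault's software store; a Premium vault can hold it in an HSM instead.
$kek = Add-AzKeyVaultKey -VaultName $KVName -Name $KeyName -Destination Software

# Step 6. Least privilege for the application: it only needs to wrap the
# BitLocker key with the KEK and write the wrapped secret into the vault.
Set-AzKeyVaultAccessPolicy -VaultName $KVName -ServicePrincipalName $AadClientId `
    -PermissionsToKeys wrapKey -PermissionsToSecrets set

# Step 7. Windows Server 2016 VM with one empty data disk. The simplified
# New-AzVM parameter set creates the VNet, subnet, public IP and NSG for us.
$cred = Get-Credential -Message 'Local administrator account for the VM'
New-AzVM -ResourceGroupName $RGName -Name $VMName -Location $Location `
    -Image Win2016Datacenter -Size Standard_D2s_v3 -Credential $cred | Out-Null
$vm = Get-AzVM -ResourceGroupName $RGName -Name $VMName
Add-AzVMDataDisk -VM $vm -Name "$VMName-data0" -Lun 0 -CreateOption Empty -DiskSizeInGB 128 | Out-Null
Update-AzVM -ResourceGroupName $RGName -VM $vm | Out-Null

# Step 8. BGInfo extension
Set-AzVMBginfoExtension -ResourceGroupName $RGName -VMName $VMName -Name 'BGInfo' | Out-Null

# Step 9. Azure Disk Encryption. -VolumeType All covers OS and data volumes;
# the extension reboots the VM to encrypt the OS disk.
Set-AzVMDiskEncryptionExtension -ResourceGroupName $RGName -VMName $VMName `
    -AadClientID $AadClientId -AadClientSecret $AadClientSecret `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri -DiskEncryptionKeyVaultId $kv.ResourceId `
    -KeyEncryptionKeyUrl $kek.Key.Kid -KeyEncryptionKeyVaultId $kv.ResourceId `
    -VolumeType All -Force

# The client secret is no longer needed in this session; do not leave it around.
Remove-Variable AadClientSecret, secret

# Check: both volumes should report Encrypted and the settings should point at the KEK.
Get-AzVMDiskEncryptionStatus -ResourceGroupName $RGName -VMName $VMName |
    Select-Object OsVolumeEncrypted, DataVolumesEncrypted, OsVolumeEncryptionSettings
```

Two points worth checking on a real run. The access policy in Step 6 is deliberately narrow (wrapKey on keys, set on secrets); the extension fails with an authorization error if either is missing, and nothing more is needed, so resist the temptation to grant "all". The AAD client secret only lives in the session variable and is passed to the extension once; if you keep the script around, do not hard-code it, and bear in mind that newer versions of the Disk Encryption extension no longer require an AAD application at all (Set-AzVMDiskEncryptionExtension without the AadClientID/AadClientSecret parameters), which removes that secret from the picture entirely.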

Instructions on how to execute the .ps1 file

Step 1. Download the file and save it to the C:\ drive
Step 2. Open a PowerShell console with administrative rights
Step 3. Assuming the .ps1 file was saved to C:\, run the command shown below. If a downloaded script is blocked by the execution policy, run Unblock-File on it first or allow it for the current session with Set-ExecutionPolicy -Scope Process RemoteSigned. The script prompts for the parameters it needs:

PS C:\> .\Auto-Deploy-VM-DiskEncryption.ps1 
SubscriptionName: My Subscription 
RGName: MyResourceGroupName 
Location: westeurope 
ApplicationName: MyAADApplication 
KVName: MyKeyVaultName 
VMName: MyVMName

KVName is the name of the Key Vault to create; Key Vault names must be globally unique across Azure, so pick one that is not already taken.


You can download the script from the TechNet Gallery.

