I have a few ideas about Azure Disk Encryption. Although there is a scripted action that configures everything, I see room for improvement here.
The end goal should be that we can read the keys used on the host in Nerdio, analogous to Intune (LAPS or BitLocker key). This can then also be delegated via permissions.
To configure the pools, I imagine that we could also configure the Key Vault as with disk encryption under VM deployment, and that an old key is then deactivated and a new one is created during the deployment.
Whether we then create the Key Vault in Nerdio and can access values immediately, or whether the Key Vault has to be created in advance (as with disk encryption) is not so important at first. The scripted action could then possibly be modified to create it.