Azure Storage and Disk Encryption Deep Dive

Published 2021-02-04
In this video I dive into the encryption options for Azure Storage and disks in Azure including customer managed key, disk encryption sets, encryption scope, infrastructure encryption, host-based encryption and more!

00:00 Introduction
00:10 John talking gibberish
00:30 Azure Storage account encryption
02:25 How data is encrypted
04:20 Customer managed key
07:40 Double encryption
10:50 Encryption scopes
15:25 Disk introduction
16:38 Default disk encryption
17:25 CMK with disk encryption sets
21:28 Azure Disk Encryption inside the OS
25:30 ADE and DES don't mix
26:55 Host-based encryption
33:00 Key rotation
33:43 Close

All Comments (21)
  • @joebrady9829
    Your videos are some of the best tech videos I've ever seen (and I've been a professional dev for 10 years), keep up the great work! It's also remarkable you never say "um" or "uh" or repeat yourself, concise and to the point
  • @AmitSingh-mr3cd
    Thank you so much for this insightful video. The topics were explained thoroughly and in detail, which helped to resolve many of the questions I had. Your clear presentation has greatly enhanced my understanding of this cluttered topic.
  • @iamdedlok
    Awesome coverage of encryption of storage John! Thanks! Cleared up a few confusions! Salut!
  • @alikhalighi
    This is really nice and professionally explained. I've been digging on encryption and found this very useful and thorough.
  • Great content.. I'm pretty new with all Azure stuff and couldn't understand a lot of things from just reading it.. This is it! Very helpful and descriptive, just the right way to understand it. And not just this topic, all of your videos are awesome :) Keep rocking!
  • @iamdedlok
    I am back to this video after 3 weeks again! Gem of content! Wanted to check the difference between Disk Encryption Set (DES) vs ADE... and voila, John has already explained this. Legend! Basically, I am trying to import into Terraform an Azure Windows VM created from VHD. Unfortunately, the azurerm_windows_virtual_machine resource doesn't allow importing a VM resource with existing attached managed OS disk. We have to use the legacy azurerm_virtual_machine resource but then this doesn't support DES. So have to fall back to using ADE using extensions for this scenario. Cheers John!
  • @honeychook
    This is some really high quality content! It has been hard to find out WHY we need a DES instead of just connecting to the key vault. It kind of makes sense now to have that middle layer between the disks.
  • Well done John! It helped clarify some ambiguity around storage encryption. Thank you!
  • @gianit7185
    Thanks a lot, very useful video and very well explained!
  • @idrisfl
    Nice video (like always) John!
  • @anshulfreedom
    Only video which has cleared the doubt between ADE & SSE
  • @sveinungchr
    Thank you for your great videos. Did my az-104 today and passed. Your videos really helped. Have 303 and 304 planned for the next weeks.