The documentation is not clear what disable means for the data. Does a disable include a decrypt, or is the data no longer accessible after a disable?
Decrypting a Linux system that has an encrypted OS disk is not currently possible via this command.
But for Windows it decrypts the disks?
similar to #8671
See also: https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-faq#can-i-encrypt-both-boot-and-data-volumes-with-azure-disk-encryption
@StefanSchoof Yes that is correct. For more background, the Windows solution calls into BitLocker, which has a native capability to both encrypt and decrypt the underlying disk without terminating running processes or affecting the availability of the system. The Linux solution calls into dm-crypt via cryptsetup in a way that requires processes to be terminated and for the disk to be unmounted prior to an encrypt or decrypt operation. For the enable scenario, this operation is possible when the VM configuration meets the prerequisites. On disable however, which typically occurs after more modifications have been made to the system and more applications are running, the solution does not currently have a reliable way to go in the reverse direction for the OS volume.
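The comment above explains why the Linux path is different: dm-crypt work through cryptsetup needs the volume unmounted, and the OS volume can never be unmounted from a running system, which is why disable is not supported there. The following preflight is an added example (not Microsoft's code and not part of the ADE extension) that classifies a block device before anyone attempts a data-volume disable on a Linux VM: it refuses the device backing `/`, reports a mounted data volume as busy, and only reports `ok` for an unmounted mapping. The mount table is a constructed sample in the format of `findmnt -rn -o TARGET,SOURCE`; the mapper names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the ADE extension's own logic.
# Classify a device against a TARGET SOURCE mount table (findmnt -rn style).
# Prints one of:
#   ok         device is not mounted; the dm-crypt prerequisite is met
#   busy       device is mounted somewhere other than /; unmount first
#   os-volume  device backs the root filesystem; disable is not supported
#              for the Linux OS volume, so refuse outright
# Return codes mirror the classification (0, 1, 2) for use in scripts.
ade_preflight() {
  dev=$1
  table=$2
  # First mount point whose SOURCE column equals the device (empty if none).
  mp=$(printf '%s\n' "$table" | awk -v d="$dev" '$2 == d { print $1; exit }')
  if [ -z "$mp" ]; then
    echo ok
    return 0
  fi
  if [ "$mp" = "/" ]; then
    echo os-volume
    return 2
  fi
  echo busy
  return 1
}

# Constructed sample table; mapper names are assumptions, not real ADE output.
SAMPLE_MOUNTS='/ /dev/mapper/osencrypt
/boot /dev/sda1
/mnt/data /dev/mapper/data-crypt'

# Stand-alone usage on the sample. On a live VM you would instead pass
# "$(findmnt -rn -o TARGET,SOURCE)" as the second argument.
for dev in /dev/mapper/osencrypt /dev/mapper/data-crypt /dev/mapper/scratch-crypt; do
  printf '%s: %s\n' "$dev" "$(ade_preflight "$dev" "$SAMPLE_MOUNTS")"
done
```

The check is deliberately conservative: anything backing `/` is refused regardless of what else is mounted, and a data volume only passes once it no longer appears in the mount table, matching the unmount requirement described above.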
@StefanSchoof, yes, disabling encryption is indeed decrypting the disk. Please see ADE docs - decryption workflow for more info.
I have updated VM encryption's documentation (see pr #8691). Closing this.