Not sure - are there any variances between your setup and the instructions? There is a very narrowly scoped scenario so if there's anything different, there might be problems.

Not that I can see. It's a Virtual Machine, and the Azure Security Centre linked to the instructions, I've checked I've not missed anything.

OK, thanks! We'll check on this to see if there changes that led to problems with this doc.

I have the same error as adrianprattuk when the script gets to the Set-AzureRmResource in order to enable soft delete on the Keyvault. Tried running the following two lines separately as well and reproduced the error.

($resource = Get-AzureRmResource -ResourceId (Get-AzureRmKeyVault -VaultName $keyVaultName).ResourceId).Properties | Add-Member -MemberType "NoteProperty" -Name "enableSoftDelete" -Value "true"
Set-AzureRmResource -resourceid $resource.ResourceId -Properties $resource.Properties -Force

Thanks! Trying to find someone who might be able to eyeball this and figure it out.

Same here, after 'Enabling Soft Delete on KeyVault SPCITKeyVault01' craps out with the same error.

Set-AzureRmResource : Exception getting "Values": "The method or operation is not implemented."
At C:\AzureADEScript\ADEPrereqScript.ps1:160 char:5

• Set-AzureRmResource -resourceid $resource.ResourceId -Properties ...
• ~~~~~~~~~~~~~
  
  
  
  • CategoryInfo : CloseError: (:) [Set-AzureRmResource], GetValueInvocationException
  
  
  • FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.SetAzureResourceCmdlet
  
  

I'm sure I've followed the instructions word for word...will keep looking around and drop back any findings.

There may have been some changes to the service that is causing this failure. Researching.

Same issue here. And this worked for me in the past. I guess something changed in service configuration.

`Set-AzureRmResource : Exception getting "Values": "The method or operation is not implemented."
At line:160 char:5

• Set-AzureRmResource -resourceid $resource.ResourceId -Properties ...
• ~~~~~~~~~~~~~
  
  
  
  • CategoryInfo : CloseError: (:) [Set-AzureRmResource], GetValueInvocationException
  
  
  • FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.SetAzureResourceCmdlet`
  
  

OK - we're aware of the problem and it's been replicated. Now researching on a fix. Thanks for your patience!

Can I/ If I "#Set-AzureRmResource -resourceid $resource.ResourceId -Properties ..." this section out of the script will it still let me encrypt my VM? I've used this script before to encrypt 20 VMs in the past. I will be using the same values (key vault, location, aadAppName) and the only difference is a new "resourcegroupname" for this VM.

Same issue here - looking forward to the fix.

Need to roll back to 5.5.2:
You can roll back to version 5.5.2 of AzureRM.Resources to avoid the issue.

Install-Module -Name AzureRM -Repository PSGallery -Force
Uninstall-Module -Name AzureRM.Resources -RequiredVersion 6.0.0 -Force
Install-Module -Name AzureRM.Resources -Repository PSGallery -RequiredVersion 5.5.2 -Force

Still not working after the rollback:
Enabling Soft Delete on KeyVault NorthPROD-KV1
Set-AzureRmResource : Exception getting "Values": "The method or operation is not implemented."
At C:\Data\PowerShell_Scripts\ADEPrereqScript.ps1:160 char:5

• Set-AzureRmResource -resourceid $resource.ResourceId -Properties ...
• ~~~~~~~~~~~~~
  
  
  
  • CategoryInfo : CloseError: (:) [Set-AzureRmResource], GetValueInvocationException
  
  
  • FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.SetAzureResourceCmdlet
  
  

$appname
Parameter was $false because of that it is not creating the Aadapp.
Make it $true it will work.

I am not creating a new "aadApp" I am using am existing one.

Ok, I get further now. But not getting all info at the end of the script.
I get DiskEncryptionKeyVaultUrl: ***
DiskEncryptionKeyVaultId: ***

But no aadClientID or aadClientSecret.

Have I missed something?

Many thanks

Hi Ozric473.

Please find the "aadAppName" Just above 4th line you will see as "[Parameter(Mandatory = $false," You need to replace it as "[Parameter(Mandatory = $true,"
That's all....

Hi Zia...

Unfortunately that just lead me to another issue:

Get-AzureRmADServicePrincipal : Method not found: 'System.Collections.Generic.List`1
Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.ActiveDirectoryClient.FilterServicePrincipals(Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.ADObjectFilterOptions)'.
At C:\AzureADEScript\ADEPrereqScript.ps1:60 char:27

• ... incipals = (Get-AzureRmADServicePrincipal -SearchString $aadAppName); ...
• ~~~~~~~~~~~
  
  
  
  • CategoryInfo : CloseError: (:) [Get-AzureRmADServicePrincipal], MissingMethodException
  
  

+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.GetAzureADServicePrincipalCommand

Any ideas?

Having the same error this error on 6.0.0
Set-AzureRmResource : Exception getting "Values": "The method or operation is not implemented."
At C:\AzureADEScript\ADEPrereqScript.ps1:160 char:5

• Set-AzureRmResource -resourceid $resource.ResourceId -Properties ...
• ~~~~~~~~~~~~~
  
  
  
  • CategoryInfo : CloseError: (:) [Set-AzureRmResource], GetValueInvocationException
  
  
  • FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.SetAzureResourceCmdlet
  
  

when I rollback I get this one:

Get-AzureRmADServicePrincipal : Method not found: 'System.Collections.Generic.List`1
Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.ActiveDirectoryClient.FilterServicePrincipals(Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.ADObjectFilterOptions)'.
At C:\AzureADEScript\ADEPrereqScript.ps1:60 char:27

Please help

Downgrading AzureRM.Resource resolved enabling soft delete issue but now I am exactly where ozric473 is with an error running get-AzureRmADServicePrincipal. If I just run get-AzureRmADServicePrincipal without the script I get the exact same error. If I go to a machine with AzureRM.Resource version 6.0.0 I do not get the error and can run the command.

Get-AzureRmADServicePrincipal : Method not found: 'System.Collections.Generic.List`1 Micro
soft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.ActiveDirectoryClient.FilterServicePrincipals(Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.ADObjectFilterOpt
ions)'.
At \empiro\fs\Home\MPiccinich\Scripts\AzureDiskEncryptionPreRequisiteSetup2.ps1:59 char:23

• ... incipals = (Get-AzureRmADServicePrincipal -SearchString $aadAppName); ...
• ~~~~~~~~~~~
  
  
  
  • CategoryInfo : CloseError: (:) [Get-AzureRmADServicePrincipal], MissingMethodException
  
  
  • FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.GetAzureADServicePrincipalCommand
  
  

I was able to reproduce it. On a working powershell with azurern.resource 6.0 I ran get-azureRmAdServicePrincipal and it returned successful. I then ran the 3 lines to rollback to 5.5.2 (posted earlier in this thread). After this rollback, get-azureRmAdServicePrincipal no longer works with method not found error.

A quick work around for this appears to be to comment out the soft delete update code:

# Enable soft delete on KeyVault to not lose encryption secrets
#Write-Host "Enabling Soft Delete on KeyVault $keyVaultName";
#$resource = Get-AzureRmResource -ResourceId $keyVault.ResourceId;
#$resource.Properties | Add-Member -MemberType "NoteProperty" -Name "enableSoftDelete" -Value $true -Force;
#Set-AzureRmResource -resourceid $resource.ResourceId -Properties $resource.Properties -Force;

And add the EnableSoftDelete option in the Key Vault creation:

$keyVault = New-AzureRmKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceGroupName -Sku Standard -Location $location -EnableSoftDelete;

This is obviously not ideal if using an existing Key Vault which doesn't have soft delete enabled as it won't be updated.

@thwpike thanks, it worked for me. However, the following line should not be commented out:

$resource = Get-AzureRmResource -ResourceId $keyVault.ResourceId;

Also, I had to set Parameter(Mandatory = $true for $aadAppName as previously stated in the comments.

same issue encountered:
Set-AzureRmResource : Exception getting "Values": "The method or operation is not implemented."
At line:160 char:5

• Set-AzureRmResource -resourceid $resource.ResourceId -Properties ...
• ~~~~~~~~~~~~~
  
  
  
  • CategoryInfo : CloseError: (:) [Set-AzureRmResource], GetValueInvocationException
  
  
  • FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.SetAzureResourceCmdlet
  
  

PS C:\WINDOWS\system32> Get-InstalledModule -Name "AzureRM"

Version Name Repository Description
------- ---- ---------- -----------
5.7.0 AzureRM PSGallery Azure Resource Manager Module

PS C:\WINDOWS\system32> $psversiontable

Name Value
---- -----
PSVersion 5.1.17134.1
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17134.1
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Also, ensured that Parameter(Mandatory = $true for $aadAppName is set as per recommendations

@SudhakaraReddyEvuri Was this fixed in latest ?

Yes, the error "Set-AzureRmResource : Exception getting "Values": "The method or operation is not implemented." should have been fixed in https://github.com/Azure/azure-powershell/releases/tag/v6.3.0-June2018 . please install latest Azure Powershell and re-run the script.

please-close

We will now close this issue. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.

@TomShinder, I had to completely remove any prior AzureRM.Resources versions EXCEPT v5.5.2 in order for the ADEPrereqScript to run successfully.

I'm currently at the stage where when I've done the Power Sheel, it looks to have completed successfully, it says it's encrypted the disk, but hasn't actually done it when I look in Azure :(
thanks, I'll try that suggestion above, having tried most of the things suggested by various people. It is a shame that these instructions are given, but don't work, I need to do this as part of our GDPR compliance, which is a painful process already