Azure-docs: Documentation is severely out of date

Created on 14 Jun 2018  ·  13 Comments  ·  Source: MicrosoftDocs/azure-docs

Version of PowerShell must be the latest, and updated to above 6.0.0 (I had to update to 6.2.1 to get this working), because the encryption now runs without the AAD information. Error Message:

Please specify AAD application details, or install AzurePowershell version 6.0.0.0 or above to use AzureDiskEncryption without AAD
At line:255 char:13
+ Write-Error "Please specify AAD application details, or i ...
+ ~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException

Also, the dashboard does not show that the VM is encrypting / updating.


assigned-to-author doc-bug securitsvc triaged

All 13 comments

@danucalovj Thanks for reporting! I have assigned the issue to the author to investigate and update as appropriate.

We are investigating.

@TomShinder @SudhakaraReddyEvuri

If we want this document to continue to demonstrate the AAD parameter path, I believe we need to revise the document so that it explicitly provides AAD parameters to the script instead of expecting the user to be prompted for them interactively.

If we want to change it so that it guides users through the simpler syntax that no longer requires AAD as a prerequisite, that is also an option.

Note that if the user provides no parameters to the script, Powershell will only prompt interactively for the required parameters. Since AAD parameters are no longer required, the script will no longer prompt for them. If the user does specify these now optional AAD parameters on the command line when calling the script, it is backwards compatible. It will create those AAD prerequisites as before and go through the AAD path.

In the new scenario without AAD, it is indeed a requirement that the user update to the latest version of Azure Powershell SDK (6.3 is the latest now). This requirement could potentially be documented early in the walkthrough before the user gets started. One idea may be to revise the document to walk the user through cloud shell instead of ISE since that is available now right from the portal, and wasn't when this document was first created. Cloud shell is automatically updated to the latest versions automatically, so this becomes less of a pain for those users. Of course another option would be to guide the user to do the check on Powershell version themselves if they think they might have an old version. This can be done in two parts. First, using the following command within Powershell to identify the locally installed version:
Get-Module -ListAvailable -Name AzureRm -Refresh

Second, comparing that version number to the latest Powershell release which is tracked here:
https://github.com/Azure/azure-powershell/releases/latest

Hope this helps.

Hi, any plans to make this a little more seamless? MS has gone to great strides in making the azure experience as slick as possible, one would expect this to be a simple radio button (encrypt disk) and done! I appreciate there is a lot of work under the hood but when we see other cloud providers offering this with little effort, it becomes very desirable to have it in Azure too.

Thanks

I think we'll have a much better experience in the future, but I don't have timelines that I can share for now. We do hear your concerns and understand them from our own personal experiences as well.

@TomShinder, The portal Azure Advisor provides great feedback to encrypt disks that were formerly created without encryption. We are then directed to this documentation... only to find an out-dated document that is not in alignment. This is highly frustrating.

It would be SUPER helpful if this document were updated to work with ISE or the portal CLI. Just something more than we have today and something that works. Thanks in advance for your effort!

@ejarvi Do you have more details on simpler syntax that no longer requires AAD? I have made several attempts and keep getting the error below

$RGName = "TestVM"
$VMName = "TestVM1"
$VaultName= "VMKeyV"
$KeyVault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $RGName
$DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
$KeyVaultResourceId = $KeyVault.ResourceId
Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $RGName -VMName $VMName -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId

Set-AzureRmVMDiskEncryptionExtension : Long running operation failed with status 'Failed'. Additional Info:'VM has reported a failure when
processing extension 'AzureDiskEncryption'. Error message: "Failed to send DiskEncryptionData, Check KeyVault inputs, ResourceIds and retry
encryption operation".'
ErrorCode: VMExtensionProvisioningError
ErrorMessage: VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "Failed to send DiskEncryptionData,
Check KeyVault inputs, ResourceIds and retry encryption operation".

There is another example here:

https://docs.microsoft.com/en-us/powershell/module/azurerm.compute/set-azurermvmdiskencryptionextension?view=azurermps-6.4.0#examples

That said, the syntax looks correct to me. I think the next steps for troubleshooting would be:

@muzzar78 Hi, I am getting the same error as below: I have checked all values are correct and both VM & Key vault are in the same region. Did you manage to find a solution?

Set-AzureRmVMDiskEncryptionExtension : Long-running operation failed with status 'Failed'. Additional Info:'VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message:"Failed to send DiskEncryptionData, Check KeyVault inputs, ResourceIds and retry encryption operation".'
ErrorCode: VMExtensionProvisioningError
ErrorMessage: VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "Failed to send DiskEncryptionData, Check KeyVault inputs, ResourceIds and retry encryption operation".
ErrorTarget:

I think I did get it to work. I think my issue was the Keyvault permissions/setup. See the links at the bottom of the script.

$params = New-Object PSObject -Property @{
    ResourceGroupName = "TestVM"
    VMName = "TestVM1"
    DiskEncryptionKeyVaultId = "/subscriptions/{subscriptionId}/resourceGroups/TestVM/providers/Microsoft.KeyVault/vaults/VMKeyV"
    DiskEncryptionKeyVaultUrl = "https://VMKeyV.vault.azure.net"
    VolumeType = "All"
}

$params | Set-AzureRmVmDiskEncryptionExtension

### Note. There is a script available to setup/configure the keyvault
# https://github.com/Azure/azure-powershell/blob/master/src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/Scripts/AzureDiskEncryptionPreRequisiteSetup.ps1

# https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption
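
A pre-flight check for the two causes raised in this thread (an AzureRM module older than 6.0.0, as in the original error message and the version check suggested earlier, and Key Vault setup), as an added example that is not part of any comment here and is not Microsoft's prerequisite script. `Test-AdePrerequisite` is a hypothetical helper name; it assumes a signed-in AzureRM session and a vault in the same resource group as the VM.

```powershell
# Added example; Test-AdePrerequisite is a hypothetical helper, not an AzureRM cmdlet.
# Assumes a signed-in session (Connect-AzureRmAccount) and vault + VM in one resource group.
function Test-AdePrerequisite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [string] $VaultName,
        # Three-part on purpose: [version]'6.0.0' -lt [version]'6.0.0.0' is $true,
        # so a four-part minimum would wrongly reject an installed 6.0.0.
        [version] $MinimumVersion = '6.0.0'
    )
    $problems = @()

    # 1. Highest locally installed AzureRM version (several can be installed side by side).
    $module = Get-Module -ListAvailable -Name AzureRM |
        Sort-Object Version -Descending | Select-Object -First 1
    if (-not $module) {
        $problems += 'AzureRM module is not installed.'
    } elseif ($module.Version -lt $MinimumVersion) {
        $problems += "AzureRM $($module.Version) is older than $MinimumVersion; encryption without AAD parameters is unavailable."
    }

    # 2. The vault must exist and be enabled for disk encryption.
    $vault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroupName -ErrorAction SilentlyContinue
    $vm = Get-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName -ErrorAction SilentlyContinue
    if (-not $vm) { $problems += "VM '$VMName' not found in '$ResourceGroupName'." }
    if (-not $vault) {
        $problems += "Key vault '$VaultName' not found in '$ResourceGroupName'."
    } else {
        if (-not $vault.EnabledForDiskEncryption) {
            $problems += "Vault is not enabled for disk encryption; see Set-AzureRmKeyVaultAccessPolicy -EnabledForDiskEncryption."
        }
        # 3. Same region; normalise 'East US' vs 'eastus' before comparing.
        $norm = { param($l) ($l -replace '\s', '').ToLowerInvariant() }
        if ($vm -and ((& $norm $vault.Location) -ne (& $norm $vm.Location))) {
            $problems += "Vault region '$($vault.Location)' differs from VM region '$($vm.Location)'."
        }
    }

    [pscustomobject]@{
        Ready                     = ($problems.Count -eq 0)
        Problems                  = $problems
        DiskEncryptionKeyVaultUrl = $vault.VaultUri
        DiskEncryptionKeyVaultId  = $vault.ResourceId
    }
}

# Usage with the sample names from the thread:
# Test-AdePrerequisite -ResourceGroupName 'TestVM' -VMName 'TestVM1' -VaultName 'VMKeyV'
```

When `Ready` is true, the returned URL and resource ID are the values to pass to `Set-AzureRmVMDiskEncryptionExtension` as `-DiskEncryptionKeyVaultUrl` and `-DiskEncryptionKeyVaultId`.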

This article no longer exists. #please-close

Closed per @msmbaldwin request.

This is still an issue. Followed "Example 1" here and still having the same issue.
