While integrating Azure Public cloud, we see under Advanced settings that there is a parameter “Disk Encryption” which has 2 options, as below.
1. Encrypt-Platform Managed
2. Encrypt-Use Encryption Sets
As per the customer, they are using customer-managed disk encryption and not platform-managed. If we use this, will it change the encryption from customer-managed to platform-managed? Could you please provide more information on how to use this setting?
Platform-Managed is Azure managing the keys, and Customer-Managed is using keys added by the customer/user.
Platform-managed keys (PMKs) are encryption keys generated, stored, and managed entirely by Azure. Customers do not interact with PMKs. The keys used for Azure Data Encryption-at-Rest, for instance, are PMKs by default. Customer-managed keys (CMKs), on the other hand, are keys read, created, deleted, updated, and/or administered by one or more customers.
In Morpheus, if you pick an encryption set, it means it is Customer-Managed. Platform-Managed means using the encryption key/set that’s configured in Azure. So, if you pick Platform-Managed, you are not picking an encryption set, since Azure deals with the keys in the background, versus picking “Use Encryption Sets”, where a set is the same as Customer-Managed.
This setting only affects new instances created by Morpheus and not discovered VMs, as discovered VMs would already be encrypted.
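One way to confirm which mode newly provisioned disks actually received, as an added example that is not part of the original thread or Morpheus's own code: audit the output of `az disk list -o json` for disks that are platform-managed or that point at a different disk encryption set than expected. The disk names, subscription ID, resource group and set names below are constructed placeholders; the `encryption.type` and `encryption.diskEncryptionSetId` fields follow the Azure managed disk resource.

```python
import json

# Values Azure reports in a managed disk's encryption.type field.
PMK = "EncryptionAtRestWithPlatformKey"
CMK_TYPES = {
    "EncryptionAtRestWithCustomerKey",
    "EncryptionAtRestWithPlatformAndCustomerKeys",  # double encryption
}

# Constructed placeholder IDs (not from the page).
_BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000"
         "/resourceGroups/rg-example/providers/Microsoft.Compute/diskEncryptionSets/")
EXPECTED_SET = _BASE + "des-example"

# Constructed sample, shaped like trimmed `az disk list -o json` output.
SAMPLE = json.dumps([
    {"name": "vm1-os", "encryption": {"type": "EncryptionAtRestWithCustomerKey",
                                      "diskEncryptionSetId": EXPECTED_SET}},
    {"name": "vm2-os", "encryption": {"type": PMK}},
    {"name": "vm3-data", "encryption": {"type": "EncryptionAtRestWithCustomerKey",
                                        "diskEncryptionSetId": _BASE + "des-other"}},
    # Azure resource IDs are case-insensitive, so this one still matches.
    {"name": "vm4-os", "encryption": {"type": "EncryptionAtRestWithPlatformAndCustomerKeys",
                                      "diskEncryptionSetId": EXPECTED_SET.upper()}},
])


def audit_disks(disks_json, expected_set_id):
    """Return (disk name, finding) for each disk not using the expected encryption set."""
    findings = []
    for disk in json.loads(disks_json):
        enc = disk.get("encryption") or {}
        enc_type = enc.get("type")
        set_id = (enc.get("diskEncryptionSetId") or "").lower()
        if enc_type == PMK:
            findings.append((disk["name"], "platform-managed key"))
        elif enc_type not in CMK_TYPES:
            findings.append((disk["name"], f"unexpected encryption type: {enc_type}"))
        elif set_id != expected_set_id.lower():
            findings.append((disk["name"], "customer-managed, but a different encryption set"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_disks(SAMPLE, EXPECTED_SET):
        print(f"{name}: {finding}")
```
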