Is BitLocker the Technology Behind Azure Disk Encryption?
Prepare for the AZ-500 exam by understanding how Azure Disk Encryption utilizes the Windows BitLocker feature to provide volume encryption for both OS and data disks. Learn how this service integrates with Azure Key Vault to manage encryption keys.
Question
Azure Disk Encryption uses BitLocker to encrypt OS and data volumes.
A. TRUE
B. FALSE
Answer
A. TRUE
Explanation
Azure Disk Encryption does utilize BitLocker for Windows VMs.
The statement is true because Azure Disk Encryption (ADE) leverages the native encryption features built into the guest operating system of a virtual machine. For Windows VMs, this feature is BitLocker Drive Encryption. For Linux VMs, it uses the DM-Crypt feature.
This design allows ADE to provide full volume encryption for the operating system disk and any attached data disks. The process works as follows:
- When you enable Azure Disk Encryption on a Windows virtual machine, the ADE extension is installed on the VM.
- This extension configures BitLocker to encrypt the specified volumes (OS disk, data disks, or both).
- The encryption keys and secrets generated by BitLocker are then secured and managed within an Azure Key Vault that you control. This integration with Key Vault is mandatory and ensures that you maintain control over the encryption keys, separate from the virtual machine disks themselves.
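The three steps above, as an added PowerShell example that is not part of the original page: it enables ADE on a Windows VM, then checks the result from the platform, from inside the guest, and in the Key Vault. It assumes the Az PowerShell module and a signed-in session; the resource group, VM and vault names are placeholders.

```powershell
# Placeholder names (assumptions, not from the page); replace with your own.
$rg    = 'rg-example'
$vm    = 'vm-win-example'
$vault = 'kv-example'

# The vault must be flagged for disk encryption before ADE can write to it.
Set-AzKeyVaultAccessPolicy -VaultName $vault -ResourceGroupName $rg -EnabledForDiskEncryption
$kv = Get-AzKeyVault -VaultName $vault -ResourceGroupName $rg

# Steps 1-2: install the ADE extension, which configures BitLocker in the guest.
# -VolumeType accepts OS, Data or All. The VM may reboot during OS volume encryption.
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $vm `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri `
    -DiskEncryptionKeyVaultId  $kv.ResourceId `
    -VolumeType All -Force

# Platform view: what Azure reports for the OS and data volumes.
$status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $rg -VMName $vm
$status | Format-List OsVolumeEncrypted, DataVolumesEncrypted, ProgressMessage

# Guest view: BitLocker's own report, confirming ADE used the OS-native feature.
$run = Invoke-AzVMRunCommand -ResourceGroupName $rg -VMName $vm `
    -CommandId 'RunPowerShellScript' -ScriptString 'manage-bde -status'
$run.Value[0].Message

# Step 3: the BitLocker key material appears as secrets in the vault you control.
Get-AzKeyVaultSecret -VaultName $vault | Select-Object Name, ContentType, Created

# Flag a VM whose OS volume did not reach the encrypted state.
if ($status.OsVolumeEncrypted -ne 'Encrypted') {
    Write-Warning "OS volume on $vm is '$($status.OsVolumeEncrypted)', not Encrypted."
}
```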
By using the OS-native tools, ADE provides a seamless encryption solution that is transparent to the applications running on the virtual machine. For the AZ-500 exam, it is critical to remember this distinction: ADE for Windows uses BitLocker, and ADE for Linux uses DM-Crypt.