Mastering Azure Disk Encryption for Windows VMs: Everything You Need to Know

Azure provides two primary options to secure your data at rest on virtual machines:

  • Storage Service Encryption (SSE):
    This is automatically enabled for all managed disks and encrypts data at the storage level using Microsoft-managed keys or customer-managed keys (CMK). It operates transparently and cannot be disabled.

  • Azure Disk Encryption (ADE):
    This is an optional feature that encrypts the OS and data volumes inside the VM using technologies like BitLocker (for Windows) and DM-Crypt (for Linux). ADE provides an added layer of security by encrypting data at the OS volume level, and it allows you to manage your own encryption keys via Azure Key Vault.

In this article, we will focus on configuring Azure Disk Encryption (ADE) for Windows Virtual Machines using PowerShell.

You’ll learn how ADE works under the hood, how to set it up securely using Azure Key Vault, and how to verify and manage the encryption status of your VM disks.

Active Directory Certificate Services – AIA, CRL and OCSP

This is the third article of the ADCS series.

Before reading this article, please go through the previous two articles in this series, which are:

In this article, we will discuss a few important concepts related to certificates: 1) AIA 2) CRL 3) OCSP

Active Directory Certificate Services: Enterprise CA Architecture

This is the second article of the Active Directory Certificate Services (ADCS) series. Before you read this article, please ensure that you have read my previous article:

Active Directory Certificate Services – Digital Certificate Overview

In that article, we took a deep dive into the basic concepts of cryptography and digital certificates. We discussed how secure communication can be performed using digital certificates. Finally, we introduced Enterprise PKI and compared it with External PKI.

In this article, we will take a deep dive into ADCS and how it provides a complete solution for Enterprise PKI needs. We will also discuss concepts and terminology associated with ADCS.
