0

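I want to first get the list of disks associated with a VM, and then iterate over each disk's properties to identify whether the disk is encrypted with a customer-managed key (CMK). How can I perform this check using Azure PowerShell?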

4

1 Answer

0

Generally, to get the encryption status of a virtual machine, you can use the Get-AzVMDiskEncryptionStatus cmdlet with the following syntax:

Get-AzVmDiskEncryptionStatus -ResourceGroupName $resourceGroupName -VMName $vmName

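You will see the encryption status of the OS and data volumes.

If OsVolumeEncrypted or DataVolumesEncrypted above displays Encrypted, you may have an osDisk or dataDisk encrypted with CMK.

You can also use the following PowerShell commands to capture the encryption settings from each disk. For more details, you can read this article.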

# Resource group and VM name (placeholders; replace with your own values)
$RGNAME = "RGNAME"
$VMNAME = "VNAME"

$VM = Get-AzVM -Name $VMNAME -ResourceGroupName $RGNAME  
 $Sourcedisk = Get-AzDisk -ResourceGroupName $RGNAME -DiskName $VM.StorageProfile.OsDisk.Name
 Write-Host "============================================================================================================================================================="
 Write-Host " OS disk Encryption Settings:"
 Write-Host "============================================================================================================================================================="
 Write-Host "Enabled:" $Sourcedisk.EncryptionSettingsCollection.Enabled
 Write-Host "Version:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettingsVersion
 Write-Host "Source Vault:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.DiskEncryptionKey.SourceVault.Id
 Write-Host "Secret URL:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.DiskEncryptionKey.SecretUrl
 Write-Host "Key URL:" $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.KeyEncryptionKey.KeyUrl
 Write-Host "============================================================================================================================================================="

 foreach ($i in $VM.StorageProfile.DataDisks| ForEach-Object{$_.Name})
 {
 Write-Host "============================================================================================================================================================="
 Write-Host "Data Disk Encryption Settings:"
 Write-Host "============================================================================================================================================================="
 Write-Host "Checking Disk:" $i
 $Sourcedisk=(Get-AzDisk -ResourceGroupName $RGNAME -DiskName $i)
 Write-Host "Encryption Enable: " $Sourcedisk.EncryptionSettingsCollection.Enabled
 Write-Host "Encryption KeyEncryptionKey: " $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.KeyEncryptionKey.KeyUrl;
 Write-Host "Encryption DiskEncryptionKey: " $Sourcedisk.EncryptionSettingsCollection.EncryptionSettings.DiskEncryptionKey.SecretUrl;
 Write-Host "============================================================================================================================================================="
 }
answered 2021-05-11T02:58:00.647
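
An added example, not part of the original answer: on a managed disk, server-side encryption with a customer-managed key is recorded in the disk's `Encryption.Type` and `Encryption.DiskEncryptionSetId` properties, while `EncryptionSettingsCollection` holds the Azure Disk Encryption settings, so this sketch reports both per disk. The function names are hypothetical, the sample objects are constructed, and `Get-VmDiskEncryptionSummary` assumes the Az.Compute module, a signed-in session, and disks in the same resource group as the VM.

```powershell
# Classify a disk object (shaped like Get-AzDisk output) by encryption type.
function Get-DiskEncryptionSummary {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Disk
    )
    process {
        $sseType = $Disk.Encryption.Type
        [pscustomobject]@{
            DiskName            = $Disk.Name
            SseType             = $sseType
            # CMK is in use when the SSE type involves a customer key
            CustomerManagedKey  = $sseType -in @(
                'EncryptionAtRestWithCustomerKey',
                'EncryptionAtRestWithPlatformAndCustomerKeys')
            DiskEncryptionSetId = $Disk.Encryption.DiskEncryptionSetId
            # Azure Disk Encryption (in-guest) is tracked separately from SSE
            AdeEnabled          = [bool]$Disk.EncryptionSettingsCollection.Enabled
        }
    }
}

# Live variant: list the OS disk and every data disk of a VM, then classify each.
function Get-VmDiskEncryptionSummary {
    param([string]$ResourceGroupName, [string]$VMName)
    $vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName
    $names = @($vm.StorageProfile.OsDisk.Name) +
             @($vm.StorageProfile.DataDisks | ForEach-Object { $_.Name })
    $names |
        ForEach-Object { Get-AzDisk -ResourceGroupName $ResourceGroupName -DiskName $_ } |
        Get-DiskEncryptionSummary
}

# Constructed sample objects (not real resources) so the classifier runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'vm1-os'; Encryption = [pscustomobject]@{
        Type                = 'EncryptionAtRestWithCustomerKey'
        DiskEncryptionSetId = '/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Compute/diskEncryptionSets/<des-name>' } },
    [pscustomobject]@{ Name = 'vm1-data0'; Encryption = [pscustomobject]@{
        Type                = 'EncryptionAtRestWithPlatformKey'
        DiskEncryptionSetId = $null } }
)
$sample | Get-DiskEncryptionSummary | Format-Table -AutoSize
```

For a real VM, call `Get-VmDiskEncryptionSummary -ResourceGroupName $RGNAME -VMName $VMNAME` and filter on `CustomerManagedKey` to find disks still on platform-managed keys.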