After disk encryption unable to backup Virtual Machine in Azure
I recently encountered an issue that I believe is worth sharing with you. We encrypted our disk as required by PCI DSS 4.0 compliance. However, after the encryption process was completed, we started receiving an error with the code ‘UserErrorEncryptedVmNotSupportedWithDiskEx’, which indicates that ‘disk exclusion is not supported for encrypted virtual machines‘
When reviewed the backend log we understood that you tried configuring selective disk backup for encrypted disk backup and this is not supported with standard backup policy, however you can configure backup with enhanced policy. I had only OS disk so this article wasn’t much helpful for me.
https://learn.microsoft.com/en-us/azure/backup/selective-disk-backup-restore#limitations
On the backup screen, I could see OS disk as included disks.
But from the log I could see you have enabled backup without selective disk backup option, and it failed with error UserErrorKeyVaultPermissionsNotConfigured
After lot of research, I found we need to run below command to fix the issue and reset the exclusion. This will mainly reset the settings.
az backup protection update-for-vm --resource-group {resourcegroup} --vault-name {vaultname} -c {vmname} -i {vmname} --disk-list-setting resetexclusionsettings
After above command, I was able to start the backup and could see the completed status of the VM’s
Thanks and regards,
Inderjeet Singh Jaggi
Cloud Architect – Golden Five Consulting
[email protected]