PowerShell script to list virtual machine encryption status

I was asked to create a small PowerShell script that gives the auditing department a short summary of every virtual machine in a given subscription and the current encryption status of its disks.

I put together the small block of commands below to produce the required data. You can use it as a starting point for more advanced reporting on your environment.

# Resource group whose virtual machines will be reported on
$ResourceGroupName = "ResourceGroupName"

# All VMs in that resource group
$VMs = Get-AzVM -ResourceGroupName $ResourceGroupName

foreach ($VM in $VMs) {
    # Query the disk encryption status of the current VM
    $tmpEncryption = Get-AzVMDiskEncryptionStatus -VMName $VM.Name -ResourceGroupName $VM.ResourceGroupName
    Write-Host "VM Name......: " $VM.Name
    Write-Host "OS Disk......: " $tmpEncryption.OSVolumeEncrypted
    Write-Host "Data Disk....: " $tmpEncryption.DataVolumesEncrypted
}
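
A subscription-wide variant that emits objects instead of console text, so the result can be exported for auditors and a failed query on one VM does not hide the rest. This is an added example, not part of the original post; it assumes the Az module with a signed-in context (Connect-AzAccount), and the function name Get-VMEncryptionReport and the CSV file name are hypothetical.

```powershell
# Added example. Assumes the Az module is installed and Connect-AzAccount has
# already been run; the function name and the CSV file name are hypothetical.
function Get-VMEncryptionReport {
    [CmdletBinding()]
    param(
        # Optional: limit the report to one resource group.
        # Without it, every VM in the current subscription is listed.
        [string]$ResourceGroupName
    )

    $subscription = (Get-AzContext).Subscription.Name
    $vms = if ($ResourceGroupName) {
        Get-AzVM -ResourceGroupName $ResourceGroupName
    } else {
        Get-AzVM
    }

    foreach ($vm in $vms) {
        # Start from a "failed" row so a VM is never silently missing from the report.
        $row = [ordered]@{
            Subscription  = $subscription
            ResourceGroup = $vm.ResourceGroupName
            VMName        = $vm.Name
            Location      = $vm.Location
            OsDisk        = 'QueryFailed'
            DataDisks     = 'QueryFailed'
            Error         = $null
        }
        try {
            # -ErrorAction Stop turns a non-terminating error into one the catch block sees.
            $status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $vm.ResourceGroupName `
                -VMName $vm.Name -ErrorAction Stop
            $row.OsDisk    = [string]$status.OSVolumeEncrypted
            $row.DataDisks = [string]$status.DataVolumesEncrypted
        } catch {
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

# Full report to CSV for the auditors.
$report = Get-VMEncryptionReport
$report | Export-Csv -Path (Join-Path $HOME 'vm-encryption-report.csv') -NoTypeInformation

# Rows that need attention: OS volume not reported as 'Encrypted', or the query failed.
$report | Where-Object { $_.OsDisk -ne 'Encrypted' } |
    Format-Table VMName, ResourceGroup, OsDisk, DataDisks, Error
```

The status values come from Azure Disk Encryption, so a VM whose disks rely only on storage-side encryption will still appear in the second list.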

2 thoughts on “PowerShell script to list virtual machine encryption status”

  1. Hi Anderson

    Thanks for this Script.

    Could you please share any PS script in which we can get below details along with Disk Encryption Status of Each VMs

    VmName, ResourceGroupName, Region, VmSize, VirtualNetwork, Subnet, PrivateIpAddress, OsType, PublicIPAddress, SKU, Encryption, Backup Configured, Backup Policy and other details you want to add

    Currently using below script for some information.

    # Provide the subscription Id where the VMs reside
    #$subscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

    # Provide the name of the csv file to be exported
    $reportName = "myReport.csv"

    #Select-AzSubscription $subscriptionId
    $report = @()
    $vms = Get-AzVM
    $RG = Get-AzResourceGroup
    $publicIps = Get-AzPublicIpAddress
    # Only network interfaces that are attached to a VM
    $nics = Get-AzNetworkInterface | ?{ $_.VirtualMachine -NE $null}
    foreach ($nic in $nics) {
        $info = "" | Select VmName, ResourceGroupName, Region, VmSize, VirtualNetwork, Subnet, PrivateIpAddress, OsType, PublicIPAddress, Encryption, SKU
        $vm = $vms | ? -Property Id -eq $nic.VirtualMachine.id
        # Match the public IP (if any) bound to this interface
        foreach ($publicIp in $publicIps) {
            if ($nic.IpConfigurations.id -eq $publicIp.ipconfiguration.Id) {
                $info.PublicIPAddress = $publicIp.ipaddress
            }
        }
        $info.OsType = $vm.StorageProfile.OsDisk.OsType
        $info.SKU = $vm.StorageProfile.ImageReference.Sku
        $info.VMName = $vm.Name
        $info.ResourceGroupName = $vm.ResourceGroupName
        $info.Region = $vm.Location
        $info.VmSize = $vm.HardwareProfile.VmSize
        # The subnet Id ends in .../virtualNetworks/<vnet>/subnets/<subnet>
        $info.VirtualNetwork = $nic.IpConfigurations.subnet.Id.Split("/")[-3]
        $info.Subnet = $nic.IpConfigurations.subnet.Id.Split("/")[-1]
        $info.PrivateIpAddress = $nic.IpConfigurations.PrivateIpAddress
        $report += $info
    }
    $report | ft VmName, ResourceGroupName, Region, VmSize, VirtualNetwork, Subnet, PrivateIpAddress, OsType, PublicIPAddress, Encryption, SKU
    $report | Export-CSV "$home/$reportName"

    If you can modify and add required fields then it will be grateful.

    Thanks in Advance

  2. Hi, Can we fetch below extension details as well using a script? Please help.

    Name :AzureDiskEncryption :
    Type :Microsoft.Azure.Security.AzureDiskEncryption
    Version : 2.*
