EncryptAzureVM

invoke-webrequest https://raw.githubusercontent.com/Azure/azure-powershell/master/src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/Scripts/AzureDiskEncryptionPreRequisiteSetup.ps1 -Outfile AzureDiskEncryptionPreRequisiteSetup.ps1

Login-AzureRmAccount

Get-AzureRmSubscription

./AzureDiskEncryptionPreRequisiteSetup.ps1 -SubscriptionID "e03cfa2a-c5a9-4f4e-afbd-462c181f761e" -ResourceGroupName "PixelEncrypt" -KeyVaultName "PixelEncrypt"  -location "UK South" -AADAppName "PixelEncrypt"

$resourceGroupName = "PixelRobotsLab"

$vmName = "PixelTest"

$aadClientID = "54d64d1f-9dbf-4be3-92bc-30efbbe4f18f"

$aadClientSecret = "af031e75-c020-4ecd-89e6-74be50030bb7"

$diskEncryptionKeyVaultUrl = "https://PixelEncrypt.vault.azure.net"

$keyVaultResourceId = "/subscriptions/e03cfa2a-c5a9-4f4e-afbd-462c181f761e/resourceGroups/PixelEncrypt/providers/Microsoft.KeyVault/vaults/PixelEncrypt"

$KEKUrl = "https://pixelencrypt.vault.azure.net/keys/VMEncrypt/9769d3510bbb45a9a0f2843b9a5eaaff"

Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $resourceGroupName -VMName $vmName -AadClientID $aadClientID -AadClientSecret $aadClientSecret -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $keyVaultResourceId -KeyEncryptionKeyVaultId $keyVaultResourceId -KeyEncryptionKeyUrl $KEKUrl -VolumeType All

Disable-AzureRmVMDiskEncryption -ResourceGroupName "PixelRobotsLab" -VMName "PixelTest" -VolumeType All