Virtual Machines should use Managed Disks


Virtual Machine managed disks are designed with security and reliability in mind, so in most cases users should use managed disks instead of their own disks. Managed disks are encrypted by default with Microsoft-managed keys, integrate with availability sets, and support availability zones for high availability.

Remediation Steps

Azure Portal

  • Navigate to Virtual Machines.

  • Select the Virtual Machine you would like to convert.

  • In the left navigation, select Disks.

  • At the top of the Disks blade, select Migrate to managed disks.

  • Follow the prompts to convert the disk and finish by selecting ‘Migrate’ to start the process.


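  • To convert the Virtual Machine's disks to Managed Disks with Azure PowerShell:

$rgName = '<resource-group-name>'
$vmName = '<vm-name>'
# Deallocate the VM, convert its disks to managed disks, then start it again
Stop-AzVM -ResourceGroupName $rgName -Name $vmName -Force
ConvertTo-AzVMManagedDisk -ResourceGroupName $rgName -VMName $vmName
Start-AzVM -ResourceGroupName $rgName -Name $vmName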
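
To find which Virtual Machines still need this remediation, the following added example (not part of the original page) reports VMs whose OS or data disks are unmanaged. Find-UnmanagedDiskVM is a hypothetical helper name, and the sample objects are constructed to mimic the shape of Get-AzVM output so the check runs offline.

```powershell
# Added example: report VMs that still use unmanaged (VHD blob) disks.
# Find-UnmanagedDiskVM is a hypothetical helper, not an Az module cmdlet.
function Find-UnmanagedDiskVM {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$VM
    )
    process {
        $unmanaged = @()
        # A managed disk carries a ManagedDisk reference; an unmanaged one does not.
        if ($null -eq $VM.StorageProfile.OsDisk.ManagedDisk) {
            $unmanaged += $VM.StorageProfile.OsDisk.Name
        }
        foreach ($disk in @($VM.StorageProfile.DataDisks)) {
            if ($null -ne $disk -and $null -eq $disk.ManagedDisk) { $unmanaged += $disk.Name }
        }
        if ($unmanaged.Count -gt 0) {
            [pscustomobject]@{
                ResourceGroupName = $VM.ResourceGroupName
                Name              = $VM.Name
                UnmanagedDisks    = $unmanaged -join ', '
                # Availability set membership is shown so those VMs can be planned together.
                InAvailabilitySet = [bool]$VM.AvailabilitySetReference
            }
        }
    }
}

# Constructed sample input shaped like Get-AzVM output (names are made up).
$sample = @(
    [pscustomobject]@{
        ResourceGroupName = 'rg-example'; Name = 'vm-legacy'; AvailabilitySetReference = $null
        StorageProfile = [pscustomobject]@{
            OsDisk    = [pscustomobject]@{ Name = 'vm-legacy-os'; ManagedDisk = $null }
            DataDisks = @([pscustomobject]@{ Name = 'vm-legacy-data0'; ManagedDisk = $null })
        }
    },
    [pscustomobject]@{
        ResourceGroupName = 'rg-example'; Name = 'vm-current'; AvailabilitySetReference = $null
        StorageProfile = [pscustomobject]@{
            OsDisk    = [pscustomobject]@{ Name = 'vm-current-os'; ManagedDisk = [pscustomobject]@{ Id = 'constructed-id' } }
            DataDisks = @()
        }
    }
)
$sample | Find-UnmanagedDiskVM | Format-Table -AutoSize   # lists only vm-legacy

# Against a live subscription (after Connect-AzAccount): Get-AzVM | Find-UnmanagedDiskVM
```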