Azure – Get prepared for the retirement of ‘legacy’ data encryption in Azure Site Recovery

image_thumb[1]You may already know that Azure Site Recovery (ASR) is encrypting data to ensure your data stay safe and secure.

Well, this is an important announcement here; the current data encryption method used by Azure Site Recovery is being retired by April 30, 2022 to be replaced by Encryption at Rest capabilities (introduced earlier in 2016; see https://azure.microsoft.com/en-au/blog/azure-site-recovery-encryption-at-rest/).

With SSE, data is encrypted before persisting to storage and decrypted on retrieval, and, upon failover to Azure, your VMs will run from the encrypted storage accounts, allowing for an improved recovery time objective (RTO).

This means that if by the date of retirement you still have virtual machine replicating using the retired encryption method, the failover operations will failed.

To be prepared and ready, you need to execute the following steps:

  1. Disable the replication
  2. Create a new replication policy
  3. Re-enable the replication by selecting a storage account with Storage Service Encryption (SSE) enabled – see https://docs.microsoft.com/azure/storage/common/storage-service-encryption to know more about SSE)
Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies