Is 'Encryption at Host' or 'Azure Disk Encryption' possible with Azure Storage Pool disks in Windows Failover Cluster?

Hi @Amit Puthenpura,

Thank you for reaching out on Microsoft Q&A forum.

I understand you would like to know whether Encryption at Host or Azure Disk Encryption (ADE) is supported when using Azure Storage Pool disks in a Windows Failover Cluster. Let me clarify this for you.

Azure Disk Encryption leverages BitLocker inside the guest OS to encrypt VM disks. As documented in unsupported scenarios, ADE is not supported on VMs that are part of a failover cluster or using clustered/shared disks (such as Storage Spaces or Storage Spaces Direct).

Encryption at Host encrypts data on the Azure host server before it is written to Azure Storage, providing end-to-end encryption of OS disks, data disks, temporary disks, and caches. This feature is designed for single-VM scenarios and is not supported in Windows Failover Cluster environments. In multi-host cluster scenarios, the coordination of host-level encryption for a shared storage pool is not feasible, which is why the feature is unsupported in this configuration.

Kindly let us know if the above helps or you need further assistance on this issue.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.