Azure – Get prepared for the retirement of ‘legacy’ data encryption in Azure Site Recovery

image_thumb[1]You may already know that Azure Site Recovery (ASR) is encrypting data to ensure your data stay safe and secure.

Well, this is an important announcement here; the current data encryption method used by Azure Site Recovery is being retired by April 30, 2022 to be replaced by Encryption at Rest capabilities (introduced earlier in 2016; see

With SSE, data is encrypted before persisting to storage and decrypted on retrieval, and, upon failover to Azure, your VMs will run from the encrypted storage accounts, allowing for an improved recovery time objective (RTO).

This means that if by the date of retirement you still have virtual machine replicating using the retired encryption method, the failover operations will failed.

To be prepared and ready, you need to execute the following steps:

  1. Disable the replication
  2. Create a new replication policy
  3. Re-enable the replication by selecting a storage account with Storage Service Encryption (SSE) enabled – see to know more about SSE)