Bitlocker encryption Azure DevOps Release Pipeline

This is a blogpost about setting Bitlocker drive encryption for WVD sessionhosts in an Azure DevOps Release Pipeline. The Bitlocker key will be stored in an Azure Keyvault. This post is only about the script you use to automatically enable Bitlocker on your VM’s. Dishan Francis created an excellent post about creating a Key Vault and Key to use for Bitlocker drive encryption. I will reference this post in the prerequisites.

Prerequisites

Firstly and most importantly set up Azure Key vault according to this blog:

Dishan Francis’s blog about setting up Azure Key Vault

Secondly, it is required that you already have setup your Azure DevOps Release Pipeline to deploy Windows Virtual Desktop Hostpools.

Script Syntax

Azure DevOps implementation

If you have read previous posts then the following will look familiar.

Firstly, logon to your Azure DevOps organization and go to your release pipeline.

Secondly, edit the release pipeline. You see the following:

Azure DevOps Release Pipeline

Click on the task you want to add the bitlocker encryption script to. For example “HostPool Dev”:

Next, add a new task:

Add a task the hostpool dev release pipeline

Lookup “Azure CLI” and add the task:

Add an Azure CLI task to the Azure Devops Release Pipeline

Name the task, select you ARM Connection, choose the Powershell as Script Type and copy the script from the Script syntax chapter to the Inline Script section:

Take in account that you need to edit the variables in the script. For example: “RESOURCEGROUPNAME”.

Now run the release pipeline. You should see this result in the task for the Bitlocker Drive Encryption section:

Bitlocker Drive Encryption status

This is the view from the Azure Key Vault perspective:

Bitlocker encryption Azure DevOps Release Pipeline

After that, you have automated your Bitlocker drive encryption for WVD Session hosts via an Azure DevOps Release Pipeline.

References

Dishan Francis’s blog about setting up Azure Key Vault

Other WVD posts:

Token Refresh Script for Azure DevOps Release Pipeline

Flow Triggered DevOps Build

Related Posts

2 thoughts on “Bitlocker encryption Azure DevOps Release Pipeline

Leave a Reply

Your email address will not be published. Required fields are marked *