Enable volume encryption and deduplication in Azure Stack HCI and Windows Server

Applies to: Azure Stack HCI, versions 22H2 and 21H2; Windows Server 2022, Windows Server 2019

Important

Azure Stack HCI is now part of Azure Local. Product documentation renaming is in progress. However, older versions of Azure Stack HCI, for example 22H2 will continue to reference Azure Stack HCI and won't reflect the name change. Learn more.

This topic covers how to enable encryption with BitLocker on volumes in Azure Stack HCI or Windows Server using Windows Admin Center. It also covers how to enable deduplication on volumes. To learn how to create volumes, see Create volumes.

Encrypt volumes with BitLocker

To turn on BitLocker in Windows Admin Center:

  1. Connect to an Azure Stack HCI system or Storage Spaces Direct cluster running Windows Server, and then on the Tools pane, select Volumes.

    Note

    To use a new feature that provides an additional locally held BitLocker key without relying on Active Directory, you must use Windows PowerShell. The new feature is only available in Windows Server 2022 and Azure Stack HCI, version 21H2 and newer. For more information, see Use BitLocker with Cluster Shared Volumes (CSV).

  2. On the Volumes page, select the Inventory tab, select the appropriate volume, and then select Settings.

  3. Under More features, select Use encryption.

  4. Select any optional settings, such as backing up the recovery password to Active Directory Domain Services, and then select Save.

    If the Install BitLocker feature first pop-up displays, follow its instructions to install the feature on each server in the cluster, and then restart your servers.

Turn on deduplication

Deduplication uses a post-processing model, which means that you won't see savings until it runs. When it does, it deduplicates all existing files.

To turn on deduplication on a volume in Windows Admin Center:

  1. Connect to an Azure Stack HCI system or Storage Spaces Direct cluster running Windows Server, and then on the Tools pane, select Volumes.

  2. On the Volumes page, select the Inventory tab, select the appropriate volume, and then select Settings.

  3. Under More features, select Use deduplication, and then select the deduplication mode. If you're not sure, use the default setting.

  4. Select Save.

Next steps