You need to enable encryption for a running Windows Infrastructure-as-a-Service (IaaS) virtual machine (VM).
Which PowerShell cmdlet should you use?
You should use the Set-AzVMDiskEncryptionExtension cmdlet. This cmdlet enables encryption on a running Windows or supported Linux VM by installing the disk encryption extension. You should create a snapshot of the VM before enabling encryption.
You should not use the Set-AzVMDataDisk cmdlet. This cmdlet is used to modify properties for a VM data disk but does not include properties related to encryption.
You should not use the Set-AzDiskDiskEncryptionKey cmdlet. This cmdlet sets the disk encryption key properties on a disk but does not enable encryption.
You should not use the ConvertTo-AzVMManagedDisk cmdlet. This cmdlet is used to convert a VM with blob-based disks to a VM with managed disks.