Microsoft Azure Security Technologies (AZ-500)

Azure Disk Encryption for a Linux virtual machine (VM) is designed to help protect data at rest by leveraging the BitLocker feature for Windows and DM-Crypt for Linux. The correct choice highlights the limitation of Azure Disk Encryption concerning the VM tiers.

Azure's basic tier VMs do not support disk encryption because this feature requires infrastructure characteristics that are only present in standard or higher tiers. Disk encryption relies on specific VM capabilities to operate, and basic tier VMs lack the necessary resources and functionality, like the integration with Azure Key Vault for managing encryption keys and secrets.

In contrast, the standard tier VMs offer Azure Disk Encryption support, making it possible to securely encrypt both the OS and data disks. For Linux VM scale sets and custom image encryption, Azure provides support, but these aspects are specific to certain configurations and VM setups that are necessary to leverage Windows or Linux encryption services. Thus, the nuances and restrictions of the basic tier strongly validate the assertion regarding the lack of support for disk encryption on basic tier VMs.