Removing BitLocker Encryption

While you can enable BitLocker Encryption using the Azure Disk Encryption Extension, you can also disable it. There are two steps to this; disabling BitLocker at the VM-level and finally removing the extension.
Azure will prevent you from reversing the order as volume(s) must be completely decrypted before removing the extension.

The worse that can happen to a VM regarding BitLocker is the associated secret(s) for the volume(s) are deleted from the Azure Key vault; these must be available for the VM at start up for decryption to occur. 
At a minimum, I would strongly recommend enabling soft-key deletion on your Azure Key vault to recover from accidental, or malicious, deletion. The steps below will guide you on effectively removing BitLocker on an Azure VM:

Note: Before proceeding, be sure to plan an outage as removing the Azure Disk Encryption requires a system reboot, and also ensure you have a backup.

  1. From PowerShell or Azure CloudShell, run the following command to disable Azure Disk Encryption:

Disable-AzVMDiskEncryption -ResourceGroupName 'Servers' -VMName 'MyVM'

  1. When the VM restarts, log into the VM and monitor the BitLocker decryption process: 

manage-bde –status
  1. When BitLocker has completed decrypting all volume(s), run the following command to remove the AzDiskEncryption:

Remove-AzVMDiskEncryptionExtension -ResourceGroupName ‘Servers’ -VMName 'MyVM'