It looks like the services that support CMK encryption in Cognitive Services doesn't allow to user managed identity to link with Key Vault integration. As soon I try to change to CMK encryption setting system managed identity is turning on and I am raised with following error indicating about access policy.
Access KeyVault 'https://test-kv01.vault.azure.net' with managed identity is forbidden. Please configure the access policy in your KeyVault to allow managed identity to wrap & unwrap with keys.
In our organization only RBAC model is allowed with KeyVault. I have given user managed identity Key Vault Secret User and Key Vault Crypto Service Encryption User. As I noticed system managed identity is turning on so I also gave the necessary RBAC for the identity.
Can anyone help me figure how to setup CMK encryption with system/user managed identity using RBAC model?
Thanks,
Gayatri