This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 71%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
In Azure portal, at the time of provisioning Azure VM , for the Azure disks, we select the default option of Platform Managed Keys. Now i understand that if we are using software-based Azure Key vault for the Customer Managed Keys , then compliance is FIPS 140-2 Level 1 https://learn.microsoft.com/en-us/azure/key-vault/keys/about-keys#compliance Please let me know the compliance level of Platform Managed Keys for Azure Disks ? Is it FIPS 140-2 Level 1 for Platform Managed Keys ?
Hi Microsoft, Please let me know the FIPS compliance level for Platform Managed Keys
@MS Techie Apologies for the delay response, I am checking on this thread!
Hi Microsoft, Please let me know the compliance level of PMK
@MS Techie Just checking in to see if the above answer helped. If this answers your query, do click "Accept the answer” for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
@MS Techie Apologies for the delay response!
Microsoft Managed Key Encryption Keys are FIPS 140 level 1. For level 2 protection, customer can opt for customer-managed keys Customer-managed keys for account encryption - Azure Storage | Microsoft Learn. Managed HSM provides level 3 protection.
Typically, we do not share insights into implementation details on data encryption or details of policy and procedures. You can steer your customers to our compliance and certification documentation here (Microsoft Trust Center Overview | Microsoft Trust Center).
You want to audit yourself, which is an expensive task, we offer the Right to Audit (R2A) program. You can reach support for more information.
https://www.microsoft.com/en-us/security/business/services/compliance-program-microsoft-cloud
Additional information: Licensing Resources and Documents
Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
Are you saying the compliance level of platform managed keys is already FIPS-140 Level 1 already ? Can you double check with Microsoft. I remember clearly reading from Microsoft website that when we move from PMK to CMK, then compliance can be increased. Because from the link. I shared i the beginning of this question, i can see when we keep the Customer managed keys in software based azure key vault, then we reach compliance level fips 140-2 level 1, we can also reach level 2 and level 3 based on the type of key vault and HSM combination we take