Thank you for your post and I apologize for the delayed response!
I understand that you're leveraging Server-side encryption with Customer-managed keys and would like to know if it's possible to add a Disk Encryption Set's managed Identity to an Azure AD Security Group. To hopefully help point you in the right direction or resolve your issue, I'll share my findings below.
Findings:
Based on what I found, it's possible to associate a Disk Encryption Set's managed identity with an Azure AD group. When a disk encryption set is created, a system-assigned managed identity is created in Azure Active Directory (AD) and associated with the disk encryption set. For more info.
To add the Managed Identity to an Azure AD Security Group:
- Create an Azure AD Group
- Add your Disk Encryption Set Managed Identity to the Azure AD Group
- Assign the required permissions to your Azure AD group.
Additional Links:
- View the service principal of a managed identity in the Azure portal
- Create a basic group and add members
- Best practices for Azure RBAC
- Best practices for Azure AD roles
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
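The three steps in the answer above (create the group, add the Disk Encryption Set's managed identity, assign permissions to the group), as an added Azure CLI example that is not part of the original answer. The resource group, Disk Encryption Set, Key Vault and group names (rg-cmk, des-cmk, kv-cmk, sg-disk-encryption-sets) are placeholders; the Key Vault is assumed to use the RBAC permission model. The script also shows the two checks a practitioner wants: it reads the identity's principalId (the object that actually goes into the group) rather than the DES resource ID, and it verifies the membership before the group is relied on.

```shell
#!/usr/bin/env bash
# Added example, not part of the original answer: group-based key permissions
# for a Disk Encryption Set (DES). Instead of granting the DES identity rights
# on the Key Vault directly, the identity is added to an Azure AD group and the
# group receives the wrap/unwrap role on the vault holding the customer-managed
# key. Resource names below (rg-cmk, des-cmk, kv-cmk, sg-disk-encryption-sets)
# are placeholders; set the variables for your environment.
# With AZ_DRY_RUN=1 every az command is printed instead of executed, so the
# plan can be reviewed without an Azure login.
set -eu

RESOURCE_GROUP="${RESOURCE_GROUP:-rg-cmk}"
DES_NAME="${DES_NAME:-des-cmk}"
KEYVAULT_NAME="${KEYVAULT_NAME:-kv-cmk}"
GROUP_NAME="${GROUP_NAME:-sg-disk-encryption-sets}"
# Built-in role limited to get/wrapKey/unwrapKey on keys: enough for a DES and
# far narrower than Key Vault Crypto Officer. Applies to vaults using RBAC.
KV_ROLE="Key Vault Crypto Service Encryption User"

# az_run: print the command under AZ_DRY_RUN=1, otherwise call the Azure CLI.
az_run() {
  if [ "${AZ_DRY_RUN:-0}" = "1" ]; then
    printf 'az %s\n' "$*"
  else
    az "$@"
  fi
}

# Object ID of the system-assigned identity Azure created with the DES.
# This principalId, not the DES resource ID, is what goes into the group.
get_des_principal_id() {
  az_run disk-encryption-set show -g "$RESOURCE_GROUP" -n "$DES_NAME" \
    --query identity.principalId -o tsv
}

# Step 1: create the security group and return its object ID.
create_group() {
  az_run ad group create --display-name "$GROUP_NAME" \
    --mail-nickname "$GROUP_NAME" --query id -o tsv
}

# Step 2: add the DES managed identity (by object ID) to the group.
add_identity_to_group() {
  group_id=$1; principal_id=$2
  az_run ad group member add --group "$group_id" --member-id "$principal_id"
}

# Confirm membership before relying on it; prints "true" when the member is
# in the group.
check_membership() {
  group_id=$1; principal_id=$2
  az_run ad group member check --group "$group_id" --member-id "$principal_id" \
    --query value -o tsv
}

# Step 3: grant the group, scoped to this one vault, the role the DES needs.
# --assignee-principal-type skips the Graph lookup that can fail while a
# freshly created group is still replicating. The assignment must exist
# before the DES is used to encrypt a disk.
assign_group_key_permissions() {
  group_id=$1; vault_id=$2
  az_run role assignment create --assignee-object-id "$group_id" \
    --assignee-principal-type Group --role "$KV_ROLE" --scope "$vault_id"
}

main() {
  principal_id=$(get_des_principal_id)
  group_id=$(create_group)
  add_identity_to_group "$group_id" "$principal_id"
  printf 'DES identity in group: %s\n' \
    "$(check_membership "$group_id" "$principal_id")"
  vault_id=$(az_run keyvault show -n "$KEYVAULT_NAME" --query id -o tsv)
  assign_group_key_permissions "$group_id" "$vault_id"
}

# Run end to end only when explicitly asked, so sourcing the file for its
# functions never touches Azure.
if [ "${APPLY_DES_GROUP:-0}" = "1" ]; then
  main
fi
```

Run it with `APPLY_DES_GROUP=1 ./des-group.sh` after `az login`; with `AZ_DRY_RUN=1` added as well it only prints the commands. If the vault uses the older access-policy model instead of RBAC, replace the role assignment with `az keyvault set-policy --name "$KEYVAULT_NAME" --object-id "$group_id" --key-permissions get wrapKey unwrapKey`, which grants the same three key operations to the group.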