This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 57.99999999999999%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGJ%3C/text%3E%3C/svg%3E)
Hello,
we are considering disk encryption with our own keys. What are the options of troubleshooting the potential issues by MS Support Engineer if any operation fail? Does have MS Support engineer access to my Key Vault or keys? What happened if I open a ticket related to the disk encryption?
Thanks
Jan
An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.
Answer accepted by question author
@Gerhart Jan Welcome to Microsoft Q&A Forum, Thank you for posting your query here
Microsoft doesn't have access to the keys Customer(you) is owner and responsible for the key lifecycle. We just provide the key vault as container for the key and also soft delete option but we don't have access to the keys.
Please let us know if you have any further queries. I’m happy to assist you further.
----------
Please do not forget to 
and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
Hi @Gerhart Jan ,
1) You could use Customer Lockbox in order to provide access for MS Engineer so they will be able do some troubleshooting.
2) The Lockbox do not support access to Key Vault.
https://learn.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview
3) They will try to help you solve the problem.