Protect your key vaults with Defender for Key Vault

Azure Key Vault is a cloud service that safeguards encryption keys and secrets like certificates, connection strings, and passwords.

Enable Microsoft Defender for Key Vault for Azure-native, advanced threat protection for Azure Key Vault, providing an additional layer of security intelligence.

Learn more about Microsoft Defender for Key Vault.

You can learn more about Defender for Key Vault's pricing on the pricing page.


Enable the Key Vault plan

Microsoft Defender for Key Vault detects unusual and potentially harmful attempts to access or exploit Key Vault accounts. This layer of protection helps you address threats even if you're not a security expert, and without the need to manage third-party security monitoring systems.

To enable Defender for Key Vault plan on your subscription:

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud.

  3. In the Defender for Cloud menu, select Environment settings.

  4. Select the relevant subscription.

  5. On the Defender plans page, toggle the Key Vault plan to On.

    Screenshot of the Defender for Cloud plans that shows where to enable the key vault plan toggle.

  6. Select Save.

Next steps

Overview of Microsoft Defender for Key Vault