Encrypt customer data in Power Platform using customer-managed encryption key


This content is archived and is not being updated. For the latest documentation, go to What is Microsoft Dataverse?. For the latest release plans, go to Dynamics 365, Power Platform, and Cloud for Industry release plans.

Enabled for Public preview General availability
Users by admins, makers, or analysts Mar 1, 2023 Jun 1, 2023

Business value

This feature will allow customers to meet their data and privacy policy. All your data that is hosted in Power Platform can be encrypted at-rest using an encryption key provided by you from your own Azure key vault.

Feature details

To meet regulatory and financial data privacy policy, customers can use their own encryption key to encrypt their data at-rest hosted by Power Platform in Microsoft Dataverse. A Power Platform enterprise policy is created, which uses an Azure managed identity to access the key vault encryption key. The Power Platform enterprise policy can be applied to an individual Power Platform environment or a group of environments. All storage types for the environment, such as SQL, Azure File, Azure Cognitive Search, Azure Data Lake Storage, and Azure Cosmos DB, will use the enterprise policy's encryption key to encrypt the environment's data.

See also

Manage your customer-managed encryption key (docs)