Encrypt customer data using enhanced customer-managed key

Enabled for Public preview General availability
Users by admins, makers, or analysts Jul 14, 2023 Jan 31, 2024

Business value

To enable key admins with better control of their Azure key vault's network access, to provide support for FIPS-140-2 Level 3, and to allow for auto key rotation without taking system downtime.

Feature details

To provide more granular admin control with security by encrypting customer data, admins can protect the Azure key vault by disabling the Azure Key Vault network from public access. Admins can also secure their Azure Key Vault network by using virtual networks and IP addresses. To meet the customer's key rotation policy, we're enabling the support of Azure Key Vault key versioning with auto rotation. This allows customers to rotate the encryption key without system downtime.

For customers who are upgrading from the previous version of managed key, we eliminate the system downtime for the key upgrade. To provide better auditing support, all key operations audit log will be available in Microsoft Purview Audit. In addition, all encrypted environments will be disabled in an event that the admin locks the key by disabling access to their Azure key vault. Upon unlocking the key access, admins can enable the disabled/locked environments using the Power Platform admin center to resume their business operations.

See also

Manage your customer-managed encryption key (docs)