Microsoft Purview Customer Key for Windows 365 Cloud PCs
Microsoft Purview Customer Key is a security feature that lets you add an extra layer of compliance to your data within Microsoft 365 services.
When you use Customer Key with Windows 365 Cloud PCs:
- Your Cloud PC disks, snapshots, and images are encrypted at rest with customer-managed keys instead of Microsoft-managed keys.
- These keys are supplied by you and managed using Azure Key Vault.
- Microsoft manages all other keys, supporting a secure and controlled environment.
Set up Customer Keys for your Windows 365 Cloud PCs
Set up Customer Key as explained in the Microsoft Purview Customer Key documentation.
Create a data encryption policy for use with multiple workloads for all tenant users. This step includes assigning a multi-workload policy. After completing this step, it takes 3-4 hours to update your Intune admin center to include the Configure button.
Sign in to the Microsoft Intune admin center > Tenant administration > Cloud PC encryption type > Configure.
Under Configure encryption type, select Microsoft Purview Customer Key > Encrypt existing Cloud PCs.
In the confirmation window, select Encrypt. A notification states that encrypting started.
Encryption forces a restart for each Cloud PC.
Encryption is limited to 20,000 Cloud PCs at a time. You can repeat these steps to encrypt more Cloud PCs.
Encryption can take a long time based on the number of Cloud PCs and the size of the disks. The Cloud PC encryption type page is updated with a notification when the encryption is complete.
Next steps
For more information about Microsoft Purview Customer Key, see Overview of service encryption with Microsoft Purview Customer Key.