Power Platform – Customer-Managed Key (CMK) service updates new feature announcements

Originally posted by Microsoft Sep 14, 2023 Uncategorized 0 Comments

We are announcing Customer-Managed Key (CMK) service updates for Power Platform. CMK provides the ability for your organization to manage your encryption keys in your Azure key vault and allows you to use separate encryption keys for different Dataverse environments. New features will be available on Friday, September 8, 2023.

Generally available:

• Encrypt your environment with key from Azure Key vault with private link

Preview:

• Encrypt your environment data with key from Azure Key Vault managed HSM (Hardware Security module)
• Auto rotate your encryption key using Azure Key Vault key version

What do I need to do to prepare?

To apply your encryption key to your Power Platform Dataverse environments, you will need the following:

1. An Azure key vault administrator who can:
   1. Create an encryption key.
   2. Grant the key access to a Power Platform Enterprise policy.
2. A Power Platform or Dynamics 365 service admin who can:
   1. Enable the BYOK environment to Managed Environment.
   2. Apply the encryption key to Power Platform environment(s).

Please review the full list of operations that are performed by the Azure key vault and Power Platform/Dynamics 365 admins.

To learn more about CMK, please refer to the documents below:

• Manage your customer-managed encryption key in Power Platform
• Migrate from BYOK to self-managed key with Power Platform

Message ID: MC675107