Power Platform – Customer-Managed Key (CMK) encrypted with Azure Key Vault Managed HSM key is now available
We are announcing that you can now use an Azure Key Vault Managed HSM key to encrypt your Dataverse data at rest.
How does this affect me?
Beginning on May 3, 2024, you can use a Customer-Managed Key (CMK) with an Azure Key Vault Managed HSM key to encrypt all of your Dataverse environment data.
By default, all your data and configuration information stored in the Power Platform is encrypted at rest with strong Microsoft-managed encryption keys. Using a CMK gives you greater control over your data protection, because you can manage or rotate your own encryption keys on demand. A CMK also lets you revoke Microsoft’s access to sensitive information at any time by revoking access to the key.
What do I need to do to prepare?
To apply your encryption key to your Power Platform Dataverse environment(s), you will need the following:
- An Azure key vault administrator must:
  - Create an encryption key.
  - Grant a Power Platform enterprise policy access to the key.
- A Power Platform or Dynamics 365 service admin must:
  - Apply the encryption key to Power Platform environment(s).
For additional information, please refer to the following documentation:
- Information about the release: Encrypt customer data using enhanced customer-managed key.
- Information about Customer-Managed Keys (CMK): Manage your customer-managed encryption key in Power Platform.
- Information about migrating to a Customer-Managed Key (CMK): Migrate bring-your-own-key (BYOK) environments to customer-managed keys.
Message ID: MC791481