Power Platform - Dataverse Customer Managed Key with Azure Key Vault key versioning is now available



Here's a summary of the document:
Main ideas:
  • Azure Key Vault key versioning for Dataverse: Dataverse customers can now use Azure Key Vault key versioning to rotate and swap their encryption keys on demand.
  • Benefits of customer-managed key encryption: Customer-managed key encryption allows customers to revoke Microsoft's access to their sensitive data by revoking access to the key. It also helps customers comply with their security policies on key rotation.
  • Requirements for key rotation: To rotate the encryption key using Azure Key Vault key versioning, customers need an Azure Key Vault administrator who has full ownership rights to the key vault and access to the key. The administrator can set up a rotation policy or rotate the key manually.
  • Impact of key rotation on Dataverse environments: The new key version is automatically applied to re-encrypt the data in the background and there is no downtime for the Dataverse environments. The Power Platform admin does not need to take any action.

Power Platform
Message Summary
The Microsoft Power Platform empowers you to do more with less by making it easier than ever to securely scale low-code adoption, increase organizational collaboration, and infuse AI and automation into all your business processes. Microsoft Power Platform comes with advanced risk and compliance features that give you an easy, cost-effective way to cover your risks and compliance needs. As part of these investments, we are pleased to announce that Azure Key Vault key versioning to support your key rotation is now generally available.

How does this affect me?
Starting on January 25, 2024, the Customer Managed Key with Azure Key Vault key versioning will be generally available for use in all Dataverse environments.

When managed key encryption is used, all business-critical data is encrypted with a user-provided Azure Key Vault key. This provides the ability for you to rotate and swap the encryption key on demand. It also provides the ability for you to revoke Microsoft’s access to sensitive information by revoking the access to the key, at any time.

To comply with your security policy on rotating your encryption key, you can now rotate the encryption key using the Rotation policy, either by configuring a rotation policy or by rotating on demand by invoking Rotate now.


What action do I need to take?
To rotate your encryption key with Azure Key Vault key versioning, you will need the following:

  1. An Azure Key Vault administrator who:
    • Has access to the key vault where your encryption key was created.
    • Has full ownership rights to the key vault.
  2. Set up a key rotation policy or run Rotate now on the key (to generate and activate a new key version).

The new key version is automatically applied to re-encrypt your data in the background and there is no action required by the Power Platform admin. The environment(s) associated with this key are not taken offline while the re-encryption is occurring.
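
The two rotation options in step 2, written with the Azure CLI as an added example that is not part of the original announcement. The vault name, key name, policy file path and the durations in the policy are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: rotate a customer-managed key in Azure Key Vault, either by
# policy or on demand. Vault/key names are placeholders for the vault and key
# already used for Dataverse encryption; run as the Key Vault administrator.

# Write a rotation policy file. Durations are constructed sample values:
# rotate 18 months after a version is created, notify 30 days before expiry,
# and give each new version a 2-year expiry.
write_rotation_policy() {  # $1 = output file
  cat > "$1" <<'EOF'
{
  "lifetimeActions": [
    { "trigger": { "timeAfterCreate": "P18M", "timeBeforeExpiry": null },
      "action": { "type": "Rotate" } },
    { "trigger": { "timeBeforeExpiry": "P30D" },
      "action": { "type": "Notify" } }
  ],
  "attributes": { "expiryTime": "P2Y" }
}
EOF
}

# Option A: attach the rotation policy to the key (automatic rotation).
apply_rotation_policy() {  # $1 = vault, $2 = key, $3 = policy file
  az keyvault key rotation-policy update \
    --vault-name "$1" --name "$2" --value "$3"
}

# Option B: "Rotate now" - create and activate a new key version on demand.
rotate_now() {  # $1 = vault, $2 = key
  az keyvault key rotate --vault-name "$1" --name "$2"
}

# Check afterwards that a new, enabled version exists.
list_key_versions() {  # $1 = vault, $2 = key
  az keyvault key list-versions --vault-name "$1" --name "$2" \
    --query "[].{kid:kid, enabled:attributes.enabled, created:attributes.created}" \
    -o table
}

# Usage (placeholders):
#   write_rotation_policy policy.json
#   apply_rotation_policy "<vault-name>" "<key-name>" policy.json
#   rotate_now "<vault-name>" "<key-name>"
#   list_key_versions "<vault-name>" "<key-name>"
```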

For additional information, please refer to the following documentation:


 
