The Microsoft Power Platform empowers you to do more with less by making it easier than ever to securely scale low-code adoption, increase organizational collaboration, and infuse AI and automation into all your business processes. Microsoft Power Platform comes with advanced risk and compliance features that give you an easy, cost-effective way to cover your risks and compliance needs. As part of these investments, we are pleased to announce that Azure Key Vault key versioning, which supports your key rotation, is now generally available.
How does this affect me?
Starting on January 25, 2024, the Customer Managed Key with Azure Key Vault key versioning will be generally available for use in all Dataverse environments.
When managed key encryption is used, all business-critical data is encrypted with a user-provided Azure Key Vault key. This provides the ability for you to rotate and swap the encryption key on demand. It also provides the ability for you to revoke Microsoft’s access to sensitive information by revoking the access to the key, at any time.
To comply with your security policy on rotating your encryption key, you can now rotate the encryption key either automatically, by configuring a rotation policy, or on demand, by invoking Rotate now.
What action do I need to take?
To rotate your encryption key with Azure Key Vault key versioning, you will need the following:
- An Azure Key Vault administrator who:
  - Has access to the key vault where your encryption key was created.
  - Has full ownership rights to the key vault.
- Set up a key rotation policy or run Rotate now (to generate and activate a new key version).
The new key version is automatically applied to re-encrypt your data in the background, and no action is required from the Power Platform admin. The environment(s) associated with this key are not taken offline while the re-encryption is occurring.
For additional information, please refer to the following documentation:
- Information about the release: Encrypt customer data using enhanced customer-managed key.
- Information about customer-managed keys: Manage your customer-managed encryption key in Power Platform.
- Information about rotating the key using Azure Key Vault key versioning: Change the environment’s encryption key with a new key version.