12 August 2025

Customer Managed Key (CMK) Updates: Enhancing Security, Flexibility, and Global Reach 

We are excited to share the latest developments in Customer Managed Key (CMK) management for Power Platform Environments. 

As data security evolves, organizations must keep up with best practices and technology to protect sensitive information. Customer Managed Key (CMK) solutions give organizations direct control over encryption keys, strengthening security. We have made recent updates to Customer Managed Key (CMK) functionality:

Faster key application with less downtime.

Improved handling of key vault access changes.

Expanded global availability.

Transition from Bring-Your-Own-Key (BYOK) to CMK.  

Reducing System Downtime During Key Application: A Smoother Encryption Journey 

Previously, applying a new encryption key or reverting a CMK environment to a Microsoft-managed key meant the environment had to be taken offline so core services could complete encryption. Although this ensured security, it often led to prolonged downtime, disrupting productivity and business operations.

To address these challenges, the key application process now enables online access as soon as core services finish encrypting with the new customer-managed key. Users can return to their environment much sooner, while secondary services complete encryption in the background. 

When encryption status changes from “Encrypting” to “Encrypting – online”, the environment is enabled for online access. 

Managing Downtime When Key Vault Access is Revoked: Greater Control and Clarity 

Access to your key vault is central to customer-managed key solutions. If this access is revoked, whether on purpose or by mistake, any environment using that key becomes unavailable. Previously, restoring access and system functionality was often slow and required help from Microsoft support.

A new self-service feature gives environment admins more control. Now, once access is restored, local admins can re-enable their environment independently, with no need to wait for support or actions from Microsoft.

This update helps organizations respond quickly to permission issues, reducing downtime and improving operational flexibility. 

Global Expansion: Customer Managed Key availability in GCC-High

Organizations in government, defense, and other highly regulated sectors often need strict data residency and compliance. For U.S. government entities, GCC-High provides a secure, compliant cloud environment. 

Customer Managed Key (CMK) will soon be available in GCC-High, giving organizations in this environment access to the same advanced key management and encryption controls as commercial and specialized clouds. 

What this means for you: 

Unified key management: Standardize encryption practices across all your cloud environments. 

Compliance-ready: Federal and defense organizations can meet strict security requirements by managing their own keys in GCC-High. 

Wider adoption: More agencies and contractors can now confidently use Power Platform and related services. 

Bring-Your-Own-Key (BYOK) Deprecation and Migration Guidance

Bring-Your-Own-Key (BYOK) was an early approach to customer-managed encryption, allowing organizations to supply their own keys for use in securing their data. However, as technology and security expectations have advanced, CMK has emerged as the preferred and supported solution, offering greater integration, management, and supportability. 

All Power Platform services are moving to exclusively support Customer Managed Key. BYOK is now deprecated, and customers with existing BYOK environments are required to migrate to CMK. The deadline for this migration is January 2026. 

What this means for you: 

Plan your migration: If your organization currently relies on BYOK, you have until January 2026 to transition to CMK. 

Get support: Reach out to your account manager or raise a support ticket to begin the migration process or to request assistance.  

Future-ready: CMK offers improved functionality, better integration, and ongoing support for all Power Platform services. 

It is strongly recommended that customers begin planning for migration as soon as possible to avoid last-minute issues and to take full advantage of the superior security and management features offered by CMK. 

Get Started Today

Check out the documentation to learn more and get started:

Manage your customer-managed encryption key – Power Platform | Microsoft Learn 

Lock and unlock environments through key vault access – Power Platform | Microsoft Learn 

Review the environment’s encryption status 

CMK in Sovereign clouds 

Migrate bring-your-own-key (BYOK) environments to customer-managed key – Power Platform | Microsoft Learn 

The post Customer Managed Key (CMK) Updates: Enhancing Security, Flexibility, and Global Reach  appeared first on Microsoft Power Platform Blog.
Source: Microsoft Power Platform