Microsoft \ platform-managed key Azure Rotation

  • SSE with PMK is server-side encryption with a platform-managed key.
  • SSE with CMK is server-side encryption with a customer-managed key.
  • ADE is Azure disk encryption ( Azure Disk Encryption leverages either the DM-Crypt feature of Linux or the BitLocker feature of Windows to encrypt managed disks with customer-managed keys within the guest VM. )

As Microsoft Manage your keys ( not Customer Managed Keys ( CMK )  )  – How often exactly are Microsoft-managed keys rotated · Issue #68838 · MicrosoftDocs/azure-docs · GitHub

The Microsoft-managed key is rotated appropriately per compliance requirements. Note that the frequency may change without notice. Azure does not expose the logs to indicate rotation to customers. If you have specific key rotation requirements, then we recommend that you move to customer-managed keys. That way, you can manage and audit the rotation yourself.

So if you have a required key rotation period we will need to change your encryption of disks to CMK ( Server or Client Side )

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...