{"id":132281,"date":"2025-08-12T07:00:00","date_gmt":"2025-08-12T14:00:00","guid":{"rendered":""},"modified":"2025-08-08T08:12:53","modified_gmt":"2025-08-08T15:12:53","slug":"customer-managed-key-updates","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2025\/08\/12\/customer-managed-key-updates\/","title":{"rendered":"Customer Managed Key (CMK) Updates: Enhancing Security, Flexibility, and Global Reach\u00a0"},"content":{"rendered":"\n

We are excited to share the latest developments in Customer Managed Key (CMK) management for Power Platform Environments. <\/p>\n\n\n\n

As data security evolves, organizations must keep up with best practices and technology to protect sensitive information. Customer Managed Key (CMK) solutions give organizations direct control over encryption keys, strengthening security. We have made recent updates to Customer Managed Key (CMK) functionality: <\/p>\n\n\n\n

    \n
  1. Faster key application with less downtime. <\/li>\n\n\n\n
  2. Improved handling of key vault access changes.<\/li>\n\n\n\n
  3. Expanded global availability.<\/li>\n\n\n\n
  4. Transition from Bring-Your-Own-Key (BYOK) to CMK.  <\/li>\n<\/ol>\n\n\n\n

    Reducing System Downtime During Key Application: A Smoother Encryption Journey <\/h2>\n\n\n\n

    Previously, applying a new encryption key or reverting CMK environment to Microsoft Managed key meant the environment had to be taken offline so core services could complete encryption. Although this ensured security, it often led to prolonged downtime, disrupting productivity and business operations.  <\/p>\n\n\n\n

    To address these challenges, the key application process now enables online access as soon as core services finish encrypting with the new customer-managed key. Users can return to their environment much sooner, while secondary services complete encryption in the background. <\/p>\n\n\n\n

    When encryption status changes from \u201cEncrypting\u201d<\/strong> to \u201cEncrypting \u2013 online\u201d,<\/strong> the environment is enabled for online access. <\/p>\n\n\n\n

    \"Reducing<\/figure>\n\n\n\n

    Managing Downtime When Key Vault Access is Revoked: Greater Control and Clarity <\/h2>\n\n\n\n

    Access to your key vault is central to customer-managed key solutions. If this access is revoked, whether on purpose or by mistake, any environment using that key becomes unavailable. Previously, restoring access and system functionality was often slow and required support help from Microsoft. <\/p>\n\n\n\n

    A new self-service feature gives environment admins more control.  Now, once access is restored, local admin can re-enable their environment independently\u2014no need to wait for support or actions from Microsoft. <\/p>\n\n\n\n

    This update helps organizations respond quickly to permission issues, reducing downtime and improving operational flexibility. <\/p>\n\n\n\n

    \"Managing<\/figure>\n\n\n\n

    Global Expansion: Customer Managed Key availability in GCC-High<\/h2>\n\n\n\n

    Organizations in government, defense, and other highly regulated sectors often need strict data residency and compliance. For U.S. government entities, GCC-High provides a secure, compliant cloud environment. <\/p>\n\n\n\n

    Customer Managed Key (CMK) will soon be available in GCC-High, giving organizations in this environment access to the same advanced key management and encryption controls as commercial and specialized clouds. <\/p>\n\n\n\n

    What this means for you:<\/strong> <\/p>\n\n\n\n