Skip to main content

Generally available: Encrypt managed disks with cross-tenant customer-managed keys

Published date: November 14, 2022

Encrypting managed disks with cross-tenant customer-managed keys (CMK) enables you to encrypt managed disks with customer-managed keys using Azure Key Vault hosted in a different Azure Active Directory (AD) tenant. 

Many service providers building Software as a Service (SaaS) offerings on Azure want to give their customers the option of managing their own encryption keys. Customers of service providers can now use cross-tenant customer-managed keys to manage encryption keys in their own Azure AD tenant and subscription using Azure Key Vault. As a result, they will have complete control of their customer-managed keys and their data.

Read the documentation to learn more.

  • Azure Disk Storage
  • Features