Microsoft announces the general availability of a new feature for Power Automate: Customer-Managed Keys (CMK). This feature, following a successful public preview, allows customers to use their own encryption keys to secure their data. It provides an added level of security, particularly beneficial to industries such as Healthcare and Financial Services.
Using CMK, customers can utilize an encryption key from their own Azure Key Vault, enhancing control over cloud data encryption. This key can then be applied across new Power Platform environments through an enterprise policy. The integration ensures that all services supporting CMK leverage the customer's own key for data encryption, thus bolstering data security and privacy.
Once CMK is applied, both flow definitions and flow run history within Power Automate are encrypted with the customer's keys. This feature supports new environments that currently have no flows; existing flows in an environment will remain encrypted with Microsoft's default keys. Importantly, admins have the option to lock environments, ensuring a total data lockdown.
The Power Automate community is encouraged to share feedback and questions. This new advancement underscores Microsoft's commitment to providing secure and customizable solutions to its user base.
Customer-managed keys offer a way for data to be encrypted using an Azure Key Vault key that you have created and own. This gives you complete control over the lifecycle and management of the key, including tasks like rotation. For additional information, head over to https://aka.ms/automation-cmk.
Customer-managed encryption keys are those that you maintain through Cloud KMS, which provides you with enhanced control over the encryption keys used to secure data at rest within certain Google Cloud services. For details on which services are compatible with CMEK keys, refer to the official list of supported services.
When customer-managed keys are enabled, App Configuration uses a managed identity associated with the App Configuration service to authenticate with Microsoft Entra ID. The managed identity then calls Azure Key Vault to wrap the encryption key of the App Configuration instance.
With Microsoft-managed keys, Microsoft's online services automatically generate and manage the root keys used for Service Encryption. For customers who need control over their root encryption keys, Service Encryption with Microsoft Purview Customer Key is the suggested option.