This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 99%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEK%3C/text%3E%3C/svg%3E)
Would Microsoft recommend using a single Key Vault for Azure disk encryption purpose for all "VM"s in a single subscription (not a very large scale environment, about 100 VMs) or would you recommend having a separate Key Vault with each VM/Resource group in the same subscription?
Hi, are there any updates with this case? If not, please select the appropriate response as "Answered." Otherwise please let us know how we can assist you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 38%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
It best to use a key vault per application per environment or VM.
This is useful in not sharing confidential items across environments or VMs significantly reduces the dangers of a possible breach.
Make sure you also take regular back ups of your vaults.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 2%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
anonymous user, thank you for reaching out. We usually do recommend using a separate Key Vault specific to each Resource Group in terms of Azure Resources, to make it easier for maintenance.
If VMs are placed in separate resource Groups, its advisable to add one Key Vault per Resource Group to maintain the VMs disks present in that specific Resource Group.
Hope this helps.
Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.
anonymous user, Just wanted to check if the above response helped you or if there are any more queries around this so that we can help you better. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.
anonymous user, Just wanted to check if the above response helped you or if there are any more queries around this so that we can help you better. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.