Are platform managed keys (SSE+PMK at rest) per resource or do they use a shared key across customers?

Josh Heman 1 Reputation point
2022-06-09T21:48:10.253+00:00

Trying to find official confirmation. My AZ-500 course indicated they were per resource but mostly stressed that it was all backend and you don't have to worry about it. Security has concerns about shared keys being used or leaked, as that was a concern in AWS very early on. Hoping to find official documentation that indicates one way or the other.

Thanks in advance!

Tags: Azure Virtual Machines, Azure Disk Encryption, Azure Disk Storage

1 answer

  1. risolis 8,721 Reputation points
    2022-06-09T22:05:43.917+00:00

    Hello @Josh Heman

    Thank you for your post.

    After reading your concern, I would like to share the following article with you:

    https://video2.skills-academy.com/en-us/azure/virtual-machines/disk-encryption-overview

    At that link, you can focus on the comparison chart and read the "Encryption at rest with platform-managed key (SSE+PMK)" segment.

    Looking forward to your feedback,

    Best Regards,

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

