Generally Available: Encrypt Premium SSD v2 and Ultra Disks with Cross Tenant Customer Managed Keys

Generally Available: Encrypt Premium SSD v2 and Ultra Disks with Cross Tenant Customer Managed Keys

Cross-tenant customer-managed keys (CMK) for Premium SSD v2 and Ultra Disks are now generally available. This capability allows managed disks to be encrypted using a customer-managed key stored in an Azure Key Vault located in a different Microsoft Entra tenant than the disk resource. This enables scenarios where resource ownership and key ownership are intentionally separated across tenants, for example, in multi-tenant or service provider environments.

Service providers building software-as-a-service (SaaS) solutions on Azure can now offer customers the ability to manage their own encryption keys with Premium SSD v2 and Ultra disks. With cross-tenant CMK support, customers can store and control their keys within their own Microsoft Entra tenant using Azure Key Vault.

As a result, customers maintain full ownership and control of their encryption keys, while also strengthening data governance, security, and compliance across tenant boundaries.