Do you have an idea or a suggestion for Azure Key Vault based on your experience?

Deny users with inherited permissions to Azure Key Vault Service from modifying Access Policies.

It should be possible to provide role separation even from the highest Azure permissions (Global Administrators / Subscription Owners).

As of today, anyone with permissions to modify the service can change Access Policies and give themselves permissions to Keys and Secrets.

Perhaps an extra level of security linked to Azure Active Directory where only specified groups or users would have the ability to modify access policies.

15 votes
Rob Barat shared this idea

0 comments
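An added example, not part of the original idea or any Microsoft code: a small audit helper that lists which role definitions allow editing a vault's access policies, so the exposure described above can be reviewed. It assumes role definitions shaped like `az role definition list` output (`roleName`, `permissions[].actions`, `permissions[].notActions`). The sample roles are constructed and simplified, and role assignments, scopes and deny assignments are not modelled.

```python
import re

# Management-plane operations that allow editing a vault's access policies.
POLICY_WRITE_OPS = (
    "Microsoft.KeyVault/vaults/write",
    "Microsoft.KeyVault/vaults/accessPolicies/write",
)

def _matches(pattern, operation):
    """Azure RBAC action patterns are case-insensitive and use '*' as a wildcard."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def granted_policy_ops(role_definition):
    """Return the policy-editing operations this role definition allows."""
    granted = []
    for op in POLICY_WRITE_OPS:
        for perm in role_definition.get("permissions", []):
            allowed = any(_matches(p, op) for p in perm.get("actions", []))
            excluded = any(_matches(p, op) for p in perm.get("notActions", []))
            if allowed and not excluded:  # notActions subtract from actions
                granted.append(op)
                break
    return granted

def roles_that_can_edit_access_policies(role_definitions):
    """Map roleName -> granted operations, for roles that grant at least one."""
    findings = {}
    for role in role_definitions:
        ops = granted_policy_ops(role)
        if ops:
            findings[role["roleName"]] = ops
    return findings

# Constructed, simplified sample definitions (not authoritative copies of built-in roles).
SAMPLE_ROLES = [
    {"roleName": "Owner", "permissions": [{"actions": ["*"], "notActions": []}]},
    {"roleName": "Contributor", "permissions": [{"actions": ["*"], "notActions": [
        "Microsoft.Authorization/*/Write", "Microsoft.Authorization/*/Delete"]}]},
    {"roleName": "Reader", "permissions": [{"actions": ["*/read"], "notActions": []}]},
    {"roleName": "Vault Operator (hypothetical custom role)", "permissions": [{
        "actions": ["Microsoft.KeyVault/*"],
        "notActions": list(POLICY_WRITE_OPS)}]},
]

if __name__ == "__main__":
    for name, ops in roles_that_can_edit_access_policies(SAMPLE_ROLES).items():
        print(f"{name}: {', '.join(ops)}")
```
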
