Restore from another subscription
Limitation - This provided key/secret/certificate backup file was from another subscription. Backups can only be restored into the same subscription.
This is required for customer controlled backup/restore control of TDE keys across subscriptions as there is no alternative way to migrate. This limits HA design for certain resources to be contained within a single subscription.
Allow feature via a flag or whitelist of subscriptions.
We have a scenario where we managed SQL server with customer managed key and would like to opt for geo-replication with secondary SQL server in another subscription. Neither key export works nor geo-replication with another subscription.
We have a scenario where we would need to restore a TDE-encrypted database from a NIPRNET government Azure network to a SIPRNET government Azure network. Since these are different subscriptions, we need to be able to migrate TDE keys across networks.