Skip to content

Commit

Permalink
Merge pull request #2218 from paulliew/patch-7
Browse files Browse the repository at this point in the history
Update cmk-migrate-from-byok.md
  • Loading branch information
sericks007 committed Oct 25, 2023
2 parents 0da2e12 + fc86c79 commit 45f5e94
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions power-platform/admin/cmk-migrate-from-byok.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,18 +5,22 @@ author: paulliew
ms.author: paulliew
ms.reviewer: matp, ratrtile, sericks
ms.topic: how-to
ms.date: 08/09/2023
ms.date: 10/25/2023
ms.custom: template-how-to

---

# Migrate bring-your-own-key (BYOK) environments to customer-managed key

For customers using the previous [manage the encryption key](manage-encryption-key.md) (BYOK) feature, they can change their BYOK enabled environment's encryption to use the new customer-managed key. You can also add your existing non-BYOK enabled environments to use the new customer-managed key.
For customers using the previous [manage the encryption key](manage-encryption-key.md) (BYOK) feature, they can change their BYOK enabled environment's encryption to use the new [customer-managed key](customer-managed-key.md). You can also add your existing non-BYOK enabled environments to use the new customer-managed key.

- Add non-BYOK enabled environments – these are environments that you haven’t encrypted with your own key.
- Migrate BYOK enabled environments – these are environments that you have encrypted with your own key.

> [!IMPORTANT]
> We have assigned an account manager to each of the BYOK tenants to assist in your BYOK migration. Your account manager will work with you to develop a migration plan. The account manager will submit an internal service ticket to the engineering team to start the process where we first remove the BYOK feature flag from your Power Platform admin center. You will then start the migration as described in this documentation. We automatically complete the final migration steps when you move your last BYOK environment to customer-managed key. This is where we remove the SQL service restriction from all your remaining environments and remove the BYOK key vaults from your tenant, after 28 days from the date the final BYOK environment was migrated.
> You can migrate to [customer-managed key](customer-managed-key.md) immediately without the need to contact Microsoft. If you need assistance, reach out to your FastTrack or account manager, or submit a support ticket.
>
> Upon completion of migrating your last BYOK environment, create a support ticket and request Microsoft to remove the BYOK option from your Power Platform admin center. Microsoft will also remove the SQL service restriction from all of your remaining environments and delete the BYOK key vaults from your tenant, after 28 days from the date the final BYOK environment was migrated.
>
> Once an environment is migrated to customer-managed key, the audit log is automatically moved to Azure CosmosDB and the upload files and images are moved to file storage and are encrypted automatically with the customer-managed key. When BYOK-enabled environments are migrated to this key management feature, the BYOK key in the Microsoft key vault is retained for at least 28 days so that support is available for restoring the environment.
>
Expand Down

0 comments on commit 45f5e94

Please sign in to comment.