General availability: Improvements in Azure Key Vault
Share
Services
Announcing the general availability of [FIPS 140-2 Level 3](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3718) HSMs for Azure Key Vault. For more information on FIPS 140, see [Federal Information Processing Standard (FIPS) 140.](https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-fips-140-2) Azure Key Vault Premium HSMs are now also PCI DSS and PCI 3DS certified, which means that they meet the security requirements of the Payment Card Industry Data Security Standard (PCI DSS) and Payment Card Industry 3-D Secure (PCI 3DS). This is the same compliance level as the HSM devices used by [Managed HSM](https://learn.microsoft.com/azure/key-vault/managed-hsm/overview).
This new capability comes at no extra cost for existing and new customers. Starting today, all new keys and key versions created in Key Vault Premium are protected by these new HSMs, at no additional cost to you. We have modernized the HSM fleet that powers Azure Key Vault to ensure the highest industry levels of protection for our customers. SLAs, performance, and other specifications remain the same. Older key versions will continue to work using the original FIPS 140-2 Level 2 HSMs that powered Azure Key Vault. These improvements have rolled out to all geographies except the UK; availability for the UK will be announced later.
Call to action
All customers should create new versions of keys to take advantage of these improvements and [migrate their workloads to use these new key versions](https://learn.microsoft.com/azure/key-vault/general/migrate-key-workloads). For information on how to determine which HSM platform is protecting your key versions, see [About keys](https://learn.microsoft.com/azure/key-vault/keys/about-keys) and [Key types, algorithms, and operations.](https://learn.microsoft.com/azure/key-vault/keys/about-keys-details)
For help in choosing between Azure's key management offerings, see [How to choose the right key management solution](https://learn.microsoft.com/azure/security/fundamentals/key-management-choose).
* Key Vault
* Azure Key Vault Managed HSM
* Features
* Management
* Security
* [ Key Vault](https://azure.microsoft.com/en-gb/products/key-vault/)
What else is happening at Microsoft Azure?
Read update
Services
Share
Read update
Services
Share
We’re retiring Azure Time Series Insights on 7 July 2024 – transition to Azure Data Explorer
May 31st, 2024
Services
Share