Skip to main content

Announcing General Availability of Customer Managed Keys for Power Apps

Headshot of article author Amy Chern

We are excited to announce the General Availability of Customer Managed encryption keys for Power Apps data in your environments! Customer Managed encryption keys (CMK) provide an added data protection layer for your cloud assets on top of the Microsoft-managed default encryption keys. This extra protection is especially relevant for highly regulated industries like Healthcare and Financial Services and is now available for all managed environments.

What’s new?

By default, Microsoft-managed encryption keys are used to encrypt and secure all customer data. However, to give customers greater control over their own data, CMK allows customers to instead leverage an encryption key from their own Azure Key vault, which Microsoft does not manage. Once the CMK policy is applied to the environment, all existing and future Power Apps data – the app source code and assets – will maintain encryption via the customer’s encryption key. This will also be applied retroactively to any Power Platform environment already enabled for CMK. This change is an admin-led action that will be invisible to makers and end-users using Power Apps today.

You can find step-by-step instructions on how to apply this to your environments at

Admins can add the policy to apply CMK to their environments in PPAC.