Troubleshooting data encryption with your own key

This article provides a list of problems that can prevent Defender for Cloud Apps from accessing your Azure Key Vault key used to encrypt collected data at rest.

Important

If there is a problem accessing your Azure Key Vault key, Defender for Cloud Apps will fail to encrypt your data and your tenant will be locked down within an hour. When your tenant is locked down, all access to it will be blocked until the cause has been resolved. Once your key is accessible again, full access to your tenant will be restored.

Troubleshooting

The following table lists the possible scenarios that can cause data encryption to fail and the actions you can take to resolve them:

Scenario: Missing Key Vault or key permissions
Actions: In the selected Key Vault, under access policy, make sure that the following key permissions are selected:
Under Key management operations
- List
Under Cryptographic operations
- Wrap key
- Unwrap key
For the selected key, make sure you are using RSA encryption and that the following operations are permitted:
- Wrap key
- Unwrap key

Scenario: Azure Key Vault firewall blocking access to key
Actions: In the selected Key Vault, make sure that the firewall is configured with the following IP addresses:
- 13.66.200.132
- 23.100.71.251
- 40.78.82.214
- 51.105.4.145
- 52.166.166.111

Scenario: Encryption key is not enabled
Actions: In the selected key's settings, make sure that the key is enabled.
Screenshot showing key enable option.

Scenario: Encryption key is not active
Actions: In the selected key's settings, make sure that the activation date and time is prior to the current date and time.
Screenshot showing key activation date.

Scenario: Encryption key has expired
Actions: In the selected key's settings, make sure that the expiration date and time has not passed.
Screenshot showing key expiration date.

Scenario: Encryption key not found or deleted
Actions: Verify that the selected key exists in your Key Vault. If the key was deleted, recover and enable it again. If the key was moved to another Key Vault, move it back to the selected Key Vault.
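The checks in the table can be run in one pass over JSON exported for the key and the vault. The Python below is an added example, not Microsoft's code: `diagnose` and the sample data are constructed for illustration, and the input is assumed to have the shape printed by `az keyvault key show` and `az keyvault show`. It does not inspect the access policy, because the page does not identify the principal to look for.

```python
import ipaddress
from datetime import datetime, timezone

# IP addresses the page says the Key Vault firewall must allow.
REQUIRED_IPS = ["13.66.200.132", "23.100.71.251", "40.78.82.214",
                "51.105.4.145", "52.166.166.111"]
REQUIRED_OPS = {"wrapKey", "unwrapKey"}

def _ts(value):
    # Parse an ISO 8601 timestamp; None means the attribute is not set.
    return datetime.fromisoformat(value) if value else None

def diagnose(key, vault, now=None):
    """Return the table's scenarios that apply; key=None means the key lookup failed."""
    now = now or datetime.now(timezone.utc)
    if key is None:
        return ["Encryption key not found or deleted"]
    found, attrs, jwk = [], key["attributes"], key["key"]
    # Key must be RSA (or RSA-HSM) and permit wrap and unwrap.
    if not jwk["kty"].startswith("RSA") or not REQUIRED_OPS <= set(jwk.get("keyOps") or []):
        found.append("Missing Key Vault or key permissions")
    # The firewall only matters when the vault denies traffic by default.
    acls = vault["properties"].get("networkAcls") or {}
    if acls.get("defaultAction") == "Deny":
        nets = [ipaddress.ip_network(r["value"], strict=False) for r in acls.get("ipRules") or []]
        if any(not any(ipaddress.ip_address(ip) in n for n in nets) for ip in REQUIRED_IPS):
            found.append("Azure Key Vault firewall blocking access to key")
    if not attrs.get("enabled"):
        found.append("Encryption key is not enabled")
    nbf, exp = _ts(attrs.get("notBefore")), _ts(attrs.get("expires"))
    if nbf and nbf > now:
        found.append("Encryption key is not active")
    if exp and exp <= now:
        found.append("Encryption key has expired")
    return found

# Constructed sample input (assumed az CLI JSON shape, not real tenant data).
SAMPLE_KEY = {
    "attributes": {"enabled": True, "notBefore": "2024-01-01T00:00:00+00:00",
                   "expires": "2025-01-01T00:00:00+00:00"},
    "key": {"kty": "RSA", "keyOps": ["wrapKey", "unwrapKey"]},
}
SAMPLE_VAULT = {"properties": {"networkAcls": {"defaultAction": "Deny", "ipRules": [
    {"value": "13.66.200.132/32"}, {"value": "23.100.71.251/32"},
    {"value": "40.78.82.214/32"}, {"value": "51.105.4.145/32"}]}}}  # 52.166.166.111 missing

if __name__ == "__main__":
    for scenario in diagnose(SAMPLE_KEY, SAMPLE_VAULT):
        print(scenario)
```

Because a key that cannot be read locks the tenant within an hour, a check like this is most useful on a schedule, so that an approaching expiration date or a changed firewall rule is caught before it takes effect.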

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.
