Using a HSM or Software Protected Key

When creating an Azure Key Vault for the BYOK scenario, we can choose a software-protected key or an HSM-protected key in the Key Vault service. Can anyone provide me some pros/cons of each option? The official docs are rather vague.

2 Replies

@Dean Gross I know this is an old thread and you have undoubtedly moved on, but just in case someone finds this thread and is also looking for an answer, here is a document I found that someone else had shared on Yammer that I found helpful (see attached).

Thanks, you are right, that project is finally almost done. Moving from AD RMS to AIP can be much trickier than advertised. Legacy tech is going to continue to haunt lots of organizations for a long time.