Microsoft recently began enforcing the use of the Azure RBAC (role-based access control) which is a change from the previously used access policies. Azure RBAC comes with a unified access control model that makes it easier to manage and has improved security. This could affect your organization in many ways, but in this blog I want to point out how it will affect access to Key Vault Secrets. Key Vault secrets may be used by your application administrators, consulting partners or 3rd party applications and users for various automations.
What are Key Vault secrets?
Azure Key Vault Secrets are a type of resource in Microsoft Azure that allow you to securely store and manage sensitive information such as API keys, passwords, connection strings, certificates, and other secrets. Key Vault Secrets provide a centralized and secure repository for storing and accessing these sensitive pieces of data.
In Dynamics 365, storing sensitive information like secrets in environment variables is a common practice to secure application configuration. However, it is essential to manage and secure these environment variables properly, ensuring that they are not exposed inadvertently. Azure Key Vault can be integrated with applications to securely retrieve and manage secrets, providing an additional layer of security for sensitive information.
How does the new Azure RBAC affect my organization?
If you have 3rd party applications or automations such as MS Flow, they may be utilizing Key Vault Secrets for access to an applicaton and they may start to see errors such as the following: