Manage Encryption Profiles
Encryption profiles allow you to use Azure Key Vault to encrypt backup data and tenant-sensitive information (Microsoft 365 usernames, passwords, etc.).
AES-256 is used for encryption with keys unique to each tenant (either default keys or Bring-Your-Own-Key).
The Tenant Owner and Service Administrators can manage encryption profiles in
Encryption Management. From this menu, you can perform the following actions:
- Create - Click Create on the ribbon. Then, refer to the instructions in Create an Encryption Profile.
- Apply - To make the key vault in an encryption profile take effect, you must apply the encryption profile. Select the profile and click Apply on the ribbon. A pop-up window appears asking for your confirmation. Click Confirm to proceed. The Applying label is displayed next to the profile name. When the key vault in the profile is successfully applied, the Applying status is changed to Used.
- Edit - Select an encryption profile and click Edit
on the ribbon.
If you want to change your key vault used in an encryption profile, refer to the details in What Should I Do If I Need to Change My Azure Key Vault or Keys? to see in which scenario you need to edit an encryption profile.
Note: The Default Encryption Profile cannot be edited. - Delete – Select one or more encryption profiles and click
Delete on the ribbon. A pop-up window appears asking for your confirmation.
Click Confirm to proceed.
If you want to change the key used in an encryption profile, refer to the details in What Should I Do If I Need to Change My Azure Key Vault or Keys? to see when an encryption profile and the key specified in the profile can be deleted.
Note: IBM Storage Protect for
Cloud provides a default encryption profile.
You can also create a custom encryption profile and apply
it.