Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services

Why This Matters

When automatic key rotation is not enabled, you must manually update encryption keys in Azure Key Vault before they expire. This creates operational risk: expired keys can cause service disruptions for storage accounts, managed disks, and other dependent services that rely on those keys. Configuring auto rotation ensures keys are renewed automatically based on your organization’s policy, reducing administrative overhead and preventing unintentional downtime.

What Aether365 Checks

Aether365 verifies that automatic key rotation is enabled for keys within Azure Key Vault that support this feature. This check appears in your Aether365 dashboard under the azure-azure-keyvault checks category.

How to Fix

Follow these steps to enable automatic key rotation from the Azure Portal:

Microsoft references

• How to configure key rotation
• Customer managed keys overview
• Disks enable customer managed keys powershell
• Public preview automatic key rotation of customermanaged keys for encrypting azure managed disks
• Rotation policy