Microsoft’s enterprise SaaS products like SharePoint Online, OneDrive for Business, Skype, and Teams offer the ability to own your own encryption keys in an offering called Customer Key. Essentially, you own the root keys at the top of the key hierarchy; those keys wrap keys one tier lower, and so on all the way down to the data at the bottom of the hierarchy. The primary objective of this, according to the documentation which I will link at the bottom, is to enable cryptographic shredding of your data when you leave the service. You revoke the root keys stored in Azure Key Vault and the rest of the data is ciphertext left to be written over.
What I’m requesting the community’s input on is an ADDITIONAL root key that is automatically generated by Microsoft and stored separately, outside of Key Vault. They refer to this as the AVAILABILITY KEY. From your perspective, what is the risk of this key existing? The documentation mentions some security measures taken to secure the key, but the customer does not own this root key!
Your expert risk analysis, or educated conjecture, is much appreciated. I love this community! Documentation link: https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-key-availability-key-understand?view=o365-worldwide
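The question above comes down to whether revoking the customer-held roots is enough for cryptographic shredding. The sketch below is an added example, not part of the original post and not Microsoft's implementation. It models a wrapped key hierarchy and shows what remains recoverable after the customer roots are revoked, with and without an extra root. The three-tier layout, the root names, and the toy SHA-256/HMAC wrap (a stand-in for a real key-wrap algorithm) are all assumptions.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Toy keystream from SHA-256 in counter mode (illustration only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def wrap(kek, plaintext):
    # Encrypt-then-MAC under the key-encryption key; returns nonce|ct|tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(kek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(kek, nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(kek, nonce, len(ct))))

class Tenant:
    """Hypothetical hierarchy: root keys -> intermediate key -> data key -> data."""
    def __init__(self, root_names):
        self.roots = {name: os.urandom(32) for name in root_names}
        mid, dek = os.urandom(32), os.urandom(32)
        # Every root wraps the SAME intermediate key, so each is a full path to the data.
        self.wrapped_mid = {n: wrap(k, mid) for n, k in self.roots.items()}
        self.wrapped_dek = wrap(mid, dek)
        self.ciphertext = wrap(dek, b"constructed sample document")

    def revoke(self, name):
        self.roots.pop(name)  # the holder of this root destroys it or denies access

    def recover(self):
        # Walk down from the first root that is still usable, if any.
        for name, key in self.roots.items():
            mid = unwrap(key, self.wrapped_mid[name])
            dek = unwrap(mid, self.wrapped_dek)
            return name, unwrap(dek, self.ciphertext)
        return None, None  # no usable root: the data is effectively shredded

def shred_demo(include_availability_key):
    names = ["customer-1", "customer-2"]
    if include_availability_key:
        names.append("availability")  # root the customer cannot revoke
    tenant = Tenant(names)
    tenant.revoke("customer-1")
    tenant.revoke("customer-2")
    return tenant.recover()
```

In this model the data stays recoverable until every root that wraps the intermediate key is gone, so the risk question is who controls destruction of the extra root and under what conditions it can be used.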