Description
Transition to Azure RBAC
You’re receiving this email because you’re using Azure Key Vault.
On 27 February 2027, all Azure Key Vault API versions prior to 2026-02-01 will be retired.
Azure Key Vault API version 2026-02-01—releasing in February 2026—introduces an important security update: Azure role-based access control (RBAC) will be the default access control model for all newly created vaults. Existing key vaults will continue using their current access control model. Azure portal behavior will remain unchanged.
If you’re using legacy access policies for new and existing vaults, we recommend migrating to Azure RBAC before transitioning to API version 2026-02-01. To learn why Azure RBAC is critical to security, read our blog.
If you want to continue using legacy access policies for new key vault creation after transitioning to API version 2026-02-01, you'll need to explicitly configure access policies as the access control model in your CLI, PowerShell, Rest API, ARM, Bicep, and Terraform templates. If you don’t take this action, all newly created vaults will be created with Azure RBAC as the default access control model, which can result in HTTP 403 errors and failures in your code and operations due to missing roles.
Required action
Migrate new and existing vaults to Azure RBAC before transitioning to API version 2026-02-01 or explicitly configure new vaults to use legacy access policies.
You’ll need to transition to API version 2026-02-01 before 27 February 2027, when all prior APIs will be retired.
Additional Information
No response
Tasks
No response
Description
Transition to Azure RBAC
You’re receiving this email because you’re using Azure Key Vault.
On 27 February 2027, all Azure Key Vault API versions prior to 2026-02-01 will be retired.
Azure Key Vault API version 2026-02-01—releasing in February 2026—introduces an important security update: Azure role-based access control (RBAC) will be the default access control model for all newly created vaults. Existing key vaults will continue using their current access control model. Azure portal behavior will remain unchanged.
If you’re using legacy access policies for new and existing vaults, we recommend migrating to Azure RBAC before transitioning to API version 2026-02-01. To learn why Azure RBAC is critical to security, read our blog.
If you want to continue using legacy access policies for new key vault creation after transitioning to API version 2026-02-01, you'll need to explicitly configure access policies as the access control model in your CLI, PowerShell, Rest API, ARM, Bicep, and Terraform templates. If you don’t take this action, all newly created vaults will be created with Azure RBAC as the default access control model, which can result in HTTP 403 errors and failures in your code and operations due to missing roles.
Required action
Migrate new and existing vaults to Azure RBAC before transitioning to API version 2026-02-01 or explicitly configure new vaults to use legacy access policies.
You’ll need to transition to API version 2026-02-01 before 27 February 2027, when all prior APIs will be retired.
Additional Information
No response
Tasks
No response