Hi @Riley,
Thank you for posting your query on Microsoft Q&A.
As per our understanding, you would like to know if it is possible to change the partition policies on Azure Dedicated HSMs. If that is not possible, you want to understand how to view the current partition policies on your HSM. Additionally, you are seeking information about what to expect regarding key migration and policy management considering the upcoming retirement of Azure Dedicated HSM.
Please review the detailed responses to your concerns below:
- Can I change partition policies on Azure Dedicated HSMs? No, partition policies on Azure Dedicated HSMs are set when the partition is created and cannot be changed afterward. These policies control things like cryptographic capabilities and quorum settings. Changing them later would require zeroizing the partition, which deletes all keys and data. SSH access to the HSM is not available; all management is done via the Azure Portal or Azure CLI.
- How can I check my current partition policies? You can review your partition policies either through the Azure Portal or Azure CLI:
  - In the Azure Portal, go to your Dedicated HSM resource, select Partitions under Settings, and click on each partition to see size, quorum, and capabilities.
  - Via Azure CLI, use commands like:
    az dedicated-hsm partition list --resource-group MyResourceGroup --hsm-name MyHsmName --output table
    and
    az dedicated-hsm partition show --resource-group MyResourceGroup --hsm-name MyHsmName --partition-name PartitionName --output json
- What if I need a different partition policy? To use a different policy, create a new partition with the desired settings and migrate or recreate your keys there. The existing partition’s policy cannot be updated.
- What should I know about the retirement of Azure Dedicated HSM and migration? Since Azure Dedicated HSM is being retired, you should plan to migrate to Azure Managed HSM or Azure Key Vault HSM. Note that:
  - You cannot migrate existing keys unless the policies are compatible.
  - You might need to recreate keys in the new service.
  - Reviewing partition policies now will smooth your transition.
References:
https://v4.hkg1.meaqua.org/en-us/azure/dedicated-hsm/
https://v4.hkg1.meaqua.org/en-us/azure/dedicated-hsm/migration-guide
Please "Accept as Answer" if the answer provided is useful, so that you can help others in the community looking for remediation for similar issues.