Hello @Sarah H001,
Thank you for posting your query on Microsoft Q&A.
Purge Protection is a security feature designed to safeguard against the permanent deletion of Managed HSMs and their keys, even by a malicious insider. It operates like a time-locked recycle bin, ensuring items can only be permanently removed after the retention period ends. During this retention period:
- Deleted HSMs or keys can be recovered at any time.
- Permanent deletion or purging is strictly prohibited until the retention period elapses, at which point the system will automatically purge the HSM or key.
Note:
- No administrator role, permission, or Microsoft intervention can override, disable, or bypass purge protection once it’s enabled.
- If you wish to reuse an HSM name, you must either recover the deleted HSM or wait for the retention period to conclude.
For more details, please refer to this link: https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/recovery?tabs=azure-cli
I hope this information is helpful. Please feel free to reach out if you have any further questions. If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
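The retention rules described in the answer above, as an added example that is not part of the original answer or of Microsoft's tooling: a small audit helper that reads soft-deleted Managed HSM records and reports which actions are possible at a given time. The field names (`deletionDate`, `scheduledPurgeDate`, `purgeProtectionEnabled`) are assumed to match the `properties` object Azure returns for a deleted Managed HSM, and the sample records and HSM names are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample: two soft-deleted Managed HSM records (hypothetical names).
# Field names are an assumption about the deleted-HSM "properties" object.
SAMPLE = json.loads("""
[
  {"name": "hsm-prod-01", "properties": {
     "deletionDate": "2024-05-01T10:00:00Z",
     "scheduledPurgeDate": "2024-07-30T10:00:00Z",
     "purgeProtectionEnabled": true}},
  {"name": "hsm-test-02", "properties": {
     "deletionDate": "2024-05-01T10:00:00Z",
     "scheduledPurgeDate": "2024-05-08T10:00:00Z",
     "purgeProtectionEnabled": false}}
]
""")


def _parse(ts):
    """Parse an ISO 8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def assess(record, now):
    """Return which actions are possible for one deleted HSM at time `now`."""
    props = record["properties"]
    purge_at = _parse(props["scheduledPurgeDate"])
    in_retention = now < purge_at
    protected = bool(props.get("purgeProtectionEnabled"))
    return {
        "name": record["name"],
        # Recovery is possible at any time during the retention period.
        "recoverable": in_retention,
        # With purge protection on, nobody can purge before retention ends.
        "manual_purge_allowed": in_retention and not protected,
        # The name stays taken while the deleted HSM still exists.
        "name_blocked": in_retention,
        "days_until_auto_purge": max((purge_at - now).days, 0),
    }


if __name__ == "__main__":
    now = datetime(2024, 5, 5, 10, 0, tzinfo=timezone.utc)
    for rec in SAMPLE:
        print(assess(rec, now))
```
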