You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Revise article on disabling key-based authentication for ASR
Updated the article to clarify the process of disabling key-based authentication on cache accounts used by Azure Site Recovery. Improved language for better readability and security compliance recommendations.
Copy file name to clipboardExpand all lines: articles/site-recovery/asr-turning-off-key-auth-cache.md
+12-19Lines changed: 12 additions & 19 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,36 +8,29 @@ ms.topic: concept-article
8
8
ms.date: 09/16/2025
9
9
ms.author: swbela_microsoft
10
10
11
-
# Customer intent: As a Site Recovery administrator, I want to turn off key-based authentication on cache account used by Azure Site Recovery.
11
+
# Customer intent: Turn off key-based authentication on cache account used by Azure Site Recovery.
12
12
---
13
13
14
14
# Overview
15
-
Key-based access on cache storage account was mandatory for successful functioning of ASR. Recently we have made changes to support cache accounts which have turned off Key based authentication. This article explains about Key-based access to cache accounts and howto turn off Key-based access on cache account, while you ensure no impact on replication.
15
+
Previously, key-based access was required for cache storage accounts used by Azure Site Recovery (ASR). ASR now supports cache accounts with key-based authentication disabled. This article explains how to turn off key-based access without disrupting replication.
16
16
17
+
We recommend disabling key-based authentication on cache storage accounts for security compliance.
17
18
18
19
## Prerequisites
19
-
Before you begin ensure you:
20
-
1. Enable Managed Identity on the Recovery Services Vault. Follow below guide on how to do it.
*[Enable Managed Identity on the Recovery Services Vault](https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-how-to-enable-replication-private-endpoints#enable-the-managed-identity-for-the-vault)
23
22
24
-
3. Grant access to Recovery services vault managed identity to read-write to cache account. Follow this guide.
For higher security of Azure storage, we recommend you to Tturn off of key-based authentication.
23
+
*[Grant access to Recovery services vault managed identity to read-write to cache account](https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-how-to-enable-replication-private-endpoints#grant-required-permissions-to-the-vault)
30
24
31
25
### Scenario 1
32
-
If you are already using a scenario that requires use of recovery services vault identity, then you just need to perform step in "Related Content".
26
+
If the Recovery Services Vault already has a managed identity enabled, follow the steps in the [Related Content](#Related-content).
33
27
34
28
### Scenario 2
35
-
If your vault does not have managed identity when VMs were protected, managed identity can be added after VMs are protected as well.
36
-
To do this, ensure you meet the prerequisites and then turn off Key-based authorization on cache account.
29
+
If the vault lacked a managed identity when VMs were initially protected, you can add it afterward. Once prerequisites are met, you can safely disable key-based access on the cache account.
37
30
38
-
If you have Virtual Machines or servers which are already protected with ASR, disable-enable is not required in either scenario. Replication will continue seamlessly if prerequisites are done correctly before turning off Key-based access.
39
31
40
-
## Related content
41
-
Turn off the key based access on cache account.
32
+
> [!NOTE]
33
+
> Replication will continue without interruption if prerequisites are completed before disabling key-based access. Do not disable and re-enable protection for existing VMs or servers after completing prerequisites.
0 commit comments