Encryption administrators can only see the workspaces and keys for the tenant to which they belong.
Encryption administrators can:
- Create, read, and update encryption keys
- Assign the Encryption Admin role
- Remove the Encryption Admin role
Note: To unassign yourself from the encryption administrator role, have another encryption administrator unassign you. Encryption administrators cannot unassign themselves from the Encryption Admin role.
Encryption admin policy