![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 57.99999999999999%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHC%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
Hello Harry !
Thank you for posting on Microsoft Learn Q&A.
Azure doesn’t expose the underlying HSM make a version of your individual managed HSM instance via any API, CLI, or portal surface and that information is managed by Microsoft and validated centrally and not per tenant.
Microsoft publicly states that Azure Key Vault Managed HSM uses Marvell LiquidSecurity hardware and is validated to FIPS 140-3 Level 3. NIST CMVP certificate #4700 covers the Marvell NITROXIII/CNN35XX family.
https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/firmware-update
The managed HSM overview (and the 2025 firmware update note) are the official statements you can reference in compliance packages.
https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/overview
Microsoft owns firmware lifecycle and publishes the compliance posture for the service as a whole. The managed HSM REST Get surface only returns a pool or a service metadata not hardware or firmware identifiers.