{"id":"azure-identity-drives-key-protection-scope","text":"Azure identity model choices constrain cryptographic key protection scope: the Entra identity-to-authorization chain determines Key Vault data-plane access, while Key Vault's network-isolated defense-in-depth lifecycle provides tiered FIPS protection — the identity topology (system vs user-assigned MI, app registration across tenants) bounds what key protection levels are reachable.","truth_value":"OUT","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{"_retracted":true},"explanation":{"steps":[{"node":"azure-identity-drives-key-protection-scope","truth_value":"OUT","reason":"retracted premise"}]}}