Do others ever have the need to delete UPKs from FRP?
We see a need to delete UPKs to satisfy our audit/policy/regulation around Key Management and Key Destruction, and also for testing and troubleshooting.
Currently the process to delete a UPK is very cumbersome and could introduce negative consequences.
The KB about deleting a UPK is incomplete, and does not account for all the steps that need to be taken, which are:
Taking these steps can lead to negative situations or potential loss or destruction of data (for example, if you have to change an encryption policy from UPK to a DIFFERENT key, the data encrypted by UPK can't be decrypted because the user may no longer have the UPK assigned, and the DIFFERENT key would attempt to encrypt the already encrypted blob).