A couple of support cases have asked the question: how to change the sku of an existing Key Vault?
To be clear about the skus - there are two pricing tiers available when creating a new Key Vault: standard and premium. The premium level adds Thales HSM (Hardware Security Modules) to your Key Vault. See more about that feature here.
The process is simple but not obvious. Powershell is always our friend when it comes to making changes in Key Vault, as this ability is not available in the portal.
I can see in the KVExplorer that my present SKU is "Standard":
To change that to Premium, I can run this Powershell script:
$vaultResourceId = (Get-AzureRMKeyVault -VaultName "AzIdentity").ResourceId
$vault = Get-AzureRmResource -ResourceId $vaultResourceId -ExpandProperties
$vault.Properties.sku.name = "Premium" # or "Standard"
Set-AzureRMResource -ResourceId $vaultResourceId -Properties $vault.Properties
A refresh of the KVExplorer shows that I now have the Premium level:
It's important to note that this is a safe operation. If you were to move from Premium to Standard, HSM keys will not longer be available for your Key Vault service, but they are not deleted. Moving back to Premium allows the keys to be used once again.