diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/CHANGELOG.md b/sdk/keyvault/Azure.Security.KeyVault.Administration/CHANGELOG.md index 6aae01c99560f..18cd6f1ef2f33 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Administration/CHANGELOG.md +++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/CHANGELOG.md @@ -4,6 +4,8 @@ ### Features Added +- TODO: sasToken vs. useManagedIdentity. + ### Breaking Changes ### Bugs Fixed @@ -12,6 +14,8 @@ ### Other Changes +- The default service version is now "7.5-preview.1". + ## 4.3.0 (2023-03-14) ### Breaking Changes diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/assets.json b/sdk/keyvault/Azure.Security.KeyVault.Administration/assets.json index 1fb7e3ae115bb..0d547a618574d 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Administration/assets.json +++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "net", "TagPrefix": "net/keyvault/Azure.Security.KeyVault.Administration", - "Tag": "net/keyvault/Azure.Security.KeyVault.Administration_92615e7932" + "Tag": "net/keyvault/Azure.Security.KeyVault.Administration_ecca1d12cb" } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/BackupRestoreRestClient.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/BackupRestoreRestClient.cs index 32ff0fba63cb5..8d3bbdb41c081 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/BackupRestoreRestClient.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/BackupRestoreRestClient.cs 
@@ -29,7 +29,7 @@ internal partial class BackupRestoreRestClient /// The HTTP pipeline for sending and receiving REST requests and responses. /// Api Version. /// , or is null. - public BackupRestoreRestClient(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, string apiVersion = "7.4") + public BackupRestoreRestClient(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, string apiVersion = "7.5-preview.1") { ClientDiagnostics = clientDiagnostics ?? throw new ArgumentNullException(nameof(clientDiagnostics)); _pipeline = pipeline ?? throw new ArgumentNullException(nameof(pipeline)); diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/SASTokenParameter.Serialization.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/SASTokenParameter.Serialization.cs index a88abaf4aa2e9..a71ec1a020f5d 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/SASTokenParameter.Serialization.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/SASTokenParameter.Serialization.cs @@ -17,8 +17,16 @@ void IUtf8JsonSerializable.Write(Utf8JsonWriter writer) writer.WriteStartObject(); writer.WritePropertyName("storageResourceUri"u8); writer.WriteStringValue(StorageResourceUri); - writer.WritePropertyName("token"u8); - writer.WriteStringValue(Token); + if (Optional.IsDefined(Token)) + { + writer.WritePropertyName("token"u8); + writer.WriteStringValue(Token); + } + if (Optional.IsDefined(UseManagedIdentity)) + { + writer.WritePropertyName("useManagedIdentity"u8); + writer.WriteBooleanValue(UseManagedIdentity.Value); + } writer.WriteEndObject(); } } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/SASTokenParameter.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/SASTokenParameter.cs index 61c0dbe59cedf..33f17bfb978b4 100644 
--- a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/SASTokenParameter.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/Models/SASTokenParameter.cs @@ -15,20 +15,19 @@ internal partial class SASTokenParameter { /// Initializes a new instance of SASTokenParameter. /// Azure Blob storage container Uri. - /// The SAS token pointing to an Azure Blob storage container. - /// or is null. - public SASTokenParameter(string storageResourceUri, string token) + /// is null. + public SASTokenParameter(string storageResourceUri) { Argument.AssertNotNull(storageResourceUri, nameof(storageResourceUri)); - Argument.AssertNotNull(token, nameof(token)); StorageResourceUri = storageResourceUri; - Token = token; } /// Azure Blob storage container Uri. public string StorageResourceUri { get; } /// The SAS token pointing to an Azure Blob storage container. - public string Token { get; } + public string Token { get; set; } + /// Indicates which authentication method should be used. If set to true, Managed HSM will use the configured user-assigned managed identity to authenticate with Azure Storage. Otherwise, a SAS token has to be specified. + public bool? UseManagedIdentity { get; set; } } } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/RoleAssignmentsRestClient.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/RoleAssignmentsRestClient.cs index ae9d2533dba7c..f6926982149d8 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/RoleAssignmentsRestClient.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/RoleAssignmentsRestClient.cs 
@@ -29,7 +29,7 @@ internal partial class RoleAssignmentsRestClient /// The HTTP pipeline for sending and receiving REST requests and responses. /// Api Version. /// , or is null. - public RoleAssignmentsRestClient(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, string apiVersion = "7.4") + public RoleAssignmentsRestClient(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, string apiVersion = "7.5-preview.1") { ClientDiagnostics = clientDiagnostics ?? throw new ArgumentNullException(nameof(clientDiagnostics)); _pipeline = pipeline ?? throw new ArgumentNullException(nameof(pipeline)); diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/RoleDefinitionsRestClient.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/RoleDefinitionsRestClient.cs index bbda019698cb6..52ec199082075 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/RoleDefinitionsRestClient.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/RoleDefinitionsRestClient.cs @@ -29,7 +29,7 @@ internal partial class RoleDefinitionsRestClient /// The HTTP pipeline for sending and receiving REST requests and responses. /// Api Version. /// , or is null. - public RoleDefinitionsRestClient(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, string apiVersion = "7.4") + public RoleDefinitionsRestClient(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, string apiVersion = "7.5-preview.1") { ClientDiagnostics = clientDiagnostics ?? throw new ArgumentNullException(nameof(clientDiagnostics)); _pipeline = pipeline ?? throw new ArgumentNullException(nameof(pipeline)); diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/SettingsRestClient.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/SettingsRestClient.cs index f92958810affc..5e8625412929e 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/SettingsRestClient.cs 
+++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Generated/SettingsRestClient.cs @@ -29,7 +29,7 @@ internal partial class SettingsRestClient /// The HTTP pipeline for sending and receiving REST requests and responses. /// Api Version. /// , or is null. - public SettingsRestClient(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, string apiVersion = "7.4") + public SettingsRestClient(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, string apiVersion = "7.5-preview.1") { ClientDiagnostics = clientDiagnostics ?? throw new ArgumentNullException(nameof(clientDiagnostics)); _pipeline = pipeline ?? throw new ArgumentNullException(nameof(pipeline)); diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultAdministrationClientOptions.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultAdministrationClientOptions.cs index 514dddfc8b5fe..6ffc3fa56052e 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultAdministrationClientOptions.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultAdministrationClientOptions.cs @@ -16,7 +16,7 @@ public class KeyVaultAdministrationClientOptions : ClientOptions /// For more information, see /// Key Vault versions. /// - internal const ServiceVersion LatestVersion = ServiceVersion.V7_4; + internal const ServiceVersion LatestVersion = ServiceVersion.V7_5_Preview_1; /// /// The versions of Azure Key Vault supported by this client @@ -39,6 +39,11 @@ public enum ServiceVersion /// The Key Vault API version 7.4. /// V7_4 = 3, + + /// + /// The Key Vault API version 7.5-preview.1. + /// + V7_5_Preview_1 = 4, #pragma warning restore CA1707 // Identifiers should not contain underscores } @@ -75,6 +80,7 @@ internal string GetVersionString() ServiceVersion.V7_2 => "7.2", ServiceVersion.V7_3 => "7.3", ServiceVersion.V7_4 => "7.4", + ServiceVersion.V7_5_Preview_1 => "7.5-preview.1", _ => throw new ArgumentException(Version.ToString()), }; } 
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultBackupClient.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultBackupClient.cs index f2cf78ce86c5f..914cd6c9ee7e8 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultBackupClient.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultBackupClient.cs @@ -68,12 +68,12 @@ public KeyVaultBackupClient(Uri vaultUri, TokenCredential credential, KeyVaultAd /// Initiates a full key backup of the Key Vault. /// /// The for the blob storage resource. - /// A Shared Access Signature (SAS) token to authorize access to the blob. + /// Optional Shared Access Signature (SAS) token to authorize access to the blob. If null, Managed Identity will be used to authenticate instead. /// A controlling the request lifetime. /// or is null. /// The server returned an error. See for details returned from the server. /// A to wait on this long-running operation. - public virtual async Task StartBackupAsync(Uri blobStorageUri, string sasToken, CancellationToken cancellationToken = default) + public virtual async Task StartBackupAsync(Uri blobStorageUri, string sasToken = default, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartBackup)}"); scope.Start(); 
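Review bot: The exception doc line kept as context under the reworded `sasToken` parameter in StartBackupAsync still reads "or is null", so it appears to keep listing `sasToken` as a cause of ArgumentNullException even though null is now the documented way to request Managed Identity; the same stale line is carried through the StartBackup, StartRestore(Async) and StartSelectiveKeyRestore(Async) hunks. A null that comes from a failed configuration or secret lookup used to fail fast and will now silently change how the service authenticates to the storage account, so the docs should say so outright, e.g. `/// <remarks>Passing null for sasToken is not an error: Managed HSM then uses its configured managed identity to access storage.</remarks>`. The method bodies lie outside these hunks, so whether an existing null check on `sasToken` was removed cannot be confirmed from here. The Administration CHANGELOG entry for this feature is also still the placeholder `TODO: sasToken vs. useManagedIdentity.`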
@@ -98,12 +98,12 @@ public virtual async Task StartBackupAsync(Uri blobStor /// Initiates a full key backup of the Key Vault. /// /// The for the blob storage resource. - /// A Shared Access Signature (SAS) token to authorize access to the blob. + /// Optional Shared Access Signature (SAS) token to authorize access to the blob. If null, Managed Identity will be used to authenticate instead. /// A controlling the request lifetime. /// or is null. /// The server returned an error. See for details returned from the server. /// A to wait on this long-running operation. - public virtual KeyVaultBackupOperation StartBackup(Uri blobStorageUri, string sasToken, CancellationToken cancellationToken = default) + public virtual KeyVaultBackupOperation StartBackup(Uri blobStorageUri, string sasToken = default, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartBackup)}"); scope.Start(); 
@@ -131,12 +131,12 @@ public virtual KeyVaultBackupOperation StartBackup(Uri blobStorageUri, string sa /// This would be the exact value that is returned as the result of a . /// An example Uri may look like the following: https://contoso.blob.core.windows.net/backup/mhsm-contoso-2020090117323313. /// - /// A Shared Access Signature (SAS) token to authorize access to the blob. + /// Optional Shared Access Signature (SAS) token to authorize access to the blob. If null, Managed Identity will be used to authenticate instead. /// A controlling the request lifetime. /// or is null. /// The server returned an error. See for details returned from the server. /// A to wait on this long-running operation. - public virtual async Task StartRestoreAsync(Uri folderUri, string sasToken, CancellationToken cancellationToken = default) + public virtual async Task StartRestoreAsync(Uri folderUri, string sasToken = default, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartRestore)}"); scope.Start(); 
@@ -170,12 +170,12 @@ public virtual async Task StartRestoreAsync(Uri folder /// This would be the exact value that is returned as the result of a . /// An example Uri path may look like the following: https://contoso.blob.core.windows.net/backup/mhsm-contoso-2020090117323313. /// - /// A Shared Access Signature (SAS) token to authorize access to the blob. + /// Optional Shared Access Signature (SAS) token to authorize access to the blob. If null, Managed Identity will be used to authenticate instead. /// A controlling the request lifetime. /// or is null. /// The server returned an error. See for details returned from the server. /// A to wait on this long-running operation. - public virtual KeyVaultRestoreOperation StartRestore(Uri folderUri, string sasToken, CancellationToken cancellationToken = default) + public virtual KeyVaultRestoreOperation StartRestore(Uri folderUri, string sasToken = default, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartRestore)}"); scope.Start(); 
@@ -210,12 +210,12 @@ public virtual KeyVaultRestoreOperation StartRestore(Uri folderUri, string sasTo /// This would be the exact value that is returned as the result of a . /// An example Uri path may look like the following: https://contoso.blob.core.windows.net/backup/mhsm-contoso-2020090117323313. /// - /// A Shared Access Signature (SAS) token to authorize access to the blob. + /// Optional Shared Access Signature (SAS) token to authorize access to the blob. If null, Managed Identity will be used to authenticate instead. /// A controlling the request lifetime. /// or is null. /// The server returned an error. See for details returned from the server. /// A to wait on this long-running operation. - public virtual async Task StartSelectiveKeyRestoreAsync(string keyName, Uri folderUri, string sasToken, CancellationToken cancellationToken = default) + public virtual async Task StartSelectiveKeyRestoreAsync(string keyName, Uri folderUri, string sasToken = default, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartSelectiveKeyRestore)}"); scope.Start(); 
@@ -253,12 +253,12 @@ public virtual async Task StartSelectiveKe /// This would be the exact value that is returned as the result of a . /// An example Uri path may look like the following: https://contoso.blob.core.windows.net/backup/mhsm-contoso-2020090117323313. /// - /// A Shared Access Signature (SAS) token to authorize access to the blob. + /// Optional Shared Access Signature (SAS) token to authorize access to the blob. If null, Managed Identity will be used to authenticate instead. /// A controlling the request lifetime. /// or is null. /// The server returned an error. See for details returned from the server. /// A to wait on this long-running operation. - public virtual KeyVaultSelectiveKeyRestoreOperation StartSelectiveKeyRestore(string keyName, Uri folderUri, string sasToken, CancellationToken cancellationToken = default) + public virtual KeyVaultSelectiveKeyRestoreOperation StartSelectiveKeyRestore(string keyName, Uri folderUri, string sasToken = default, CancellationToken cancellationToken = default) { using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartSelectiveKeyRestore)}"); scope.Start(); diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Models/SASTokenParameter.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Models/SASTokenParameter.cs new file mode 100644 index 0000000000000..b0a88ea1b974c --- /dev/null +++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/Models/SASTokenParameter.cs 
@@ -0,0 +1,23 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +namespace Azure.Security.KeyVault.Administration.Models +{ + internal partial class SASTokenParameter + { + /// + /// Creates a new instance of the class. + /// + /// The URI for the blob storage resource. + /// + /// Optional Shared Access Signature (SAS) token to authorize access to the blob. Sets . + /// If null, will be set to true and Managed Identity will be used to authenticate instead. + /// + public SASTokenParameter(string storageResourceUri, string sasToken) + : this(storageResourceUri) + { + Token = sasToken; + UseManagedIdentity = sasToken == null; + } + } +} diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/autorest.md b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/autorest.md index 931f2a28643f4..466250f1a4556 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/autorest.md +++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/autorest.md 
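Review bot: `UseManagedIdentity = sasToken == null;` in the new constructor always assigns a value, so the serializer's `Optional.IsDefined(UseManagedIdentity)` branch will write `useManagedIdentity` on every request, including `false` for callers that pass a SAS token and for clients pinned to 7.4 or earlier. Whether the older service versions accept the extra property is not visible in this diff; setting the flag only when it is needed, `if (sasToken is null) { UseManagedIdentity = true; }`, keeps the SAS payload identical to what was sent before. An empty string is not null either, so `""` is sent as a token with managed identity off; if that should be rejected or treated like null, this constructor is the place for the check.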
@@ -9,9 +9,9 @@ Run `dotnet build /t:GenerateCode` in src directory to re-generate. ``` yaml title: Azure.Security.KeyVault.Administration input-file: -- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/551275acb80e1f8b39036b79dfc35a8f63b601a7/specification/keyvault/data-plane/Microsoft.KeyVault/stable/7.4/rbac.json -- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/551275acb80e1f8b39036b79dfc35a8f63b601a7/specification/keyvault/data-plane/Microsoft.KeyVault/stable/7.4/backuprestore.json -- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/551275acb80e1f8b39036b79dfc35a8f63b601a7/specification/keyvault/data-plane/Microsoft.KeyVault/stable/7.4/settings.json +- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/c06b7c22971d4c71e52f0962728c99aabf70127e/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.5-preview.1/rbac.json +- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/c06b7c22971d4c71e52f0962728c99aabf70127e/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.5-preview.1/backuprestore.json +- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/c06b7c22971d4c71e52f0962728c99aabf70127e/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.5-preview.1/settings.json namespace: Azure.Security.KeyVault.Administration generation1-convenience-client: true include-csproj: disable diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/AdministrationTestBase.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/AdministrationTestBase.cs index 59740b260a9da..3448f7c574e97 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/AdministrationTestBase.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Administration/tests/AdministrationTestBase.cs 
@@ -16,6 +16,7 @@ namespace Azure.Security.KeyVault.Administration.Tests /// Base class for recorded Administration tests. /// [ClientTestFixture( + KeyVaultAdministrationClientOptions.ServiceVersion.V7_5_Preview_1, KeyVaultAdministrationClientOptions.ServiceVersion.V7_4, KeyVaultAdministrationClientOptions.ServiceVersion.V7_3, KeyVaultAdministrationClientOptions.ServiceVersion.V7_2)] diff --git a/sdk/keyvault/Azure.Security.KeyVault.Certificates/CHANGELOG.md b/sdk/keyvault/Azure.Security.KeyVault.Certificates/CHANGELOG.md index 13caa84cceace..ddd431619f9a5 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Certificates/CHANGELOG.md +++ b/sdk/keyvault/Azure.Security.KeyVault.Certificates/CHANGELOG.md @@ -15,6 +15,8 @@ ### Other Changes +- The default service version is now "7.5-preview.1". + ## 4.5.1 (2023-03-31) ### Bugs Fixed diff --git a/sdk/keyvault/Azure.Security.KeyVault.Certificates/assets.json b/sdk/keyvault/Azure.Security.KeyVault.Certificates/assets.json index e79961ba66cfa..134ba2ae7ed98 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Certificates/assets.json +++ b/sdk/keyvault/Azure.Security.KeyVault.Certificates/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "net", "TagPrefix": "net/keyvault/Azure.Security.KeyVault.Certificates", - "Tag": "net/keyvault/Azure.Security.KeyVault.Certificates_9ecb81ee64" + "Tag": "net/keyvault/Azure.Security.KeyVault.Certificates_69b32b90d9" } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Certificates/src/CertificateClientOptions.cs b/sdk/keyvault/Azure.Security.KeyVault.Certificates/src/CertificateClientOptions.cs index c2f952db27134..fd03d270d24e4 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Certificates/src/CertificateClientOptions.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Certificates/src/CertificateClientOptions.cs 
@@ -16,7 +16,7 @@ public class CertificateClientOptions : ClientOptions /// For more information, see /// Key Vault versions. /// - internal const ServiceVersion LatestVersion = ServiceVersion.V7_4; + internal const ServiceVersion LatestVersion = ServiceVersion.V7_5_Preview_1; /// /// The versions of Azure Key Vault supported by this client @@ -49,6 +49,11 @@ public enum ServiceVersion /// The Key Vault API version 7.4. /// V7_4 = 4, + + /// + /// The Key Vault API version 7.5-preview.1. + /// + V7_5_Preview_1 = 5, #pragma warning restore CA1707 // Identifiers should not contain underscores } @@ -88,6 +93,7 @@ internal string GetVersionString() ServiceVersion.V7_2 => "7.2", ServiceVersion.V7_3 => "7.3", ServiceVersion.V7_4 => "7.4", + ServiceVersion.V7_5_Preview_1 => "7.5-preview.1", _ => throw new ArgumentException(Version.ToString()), }; } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Certificates/tests/CertificatesTestBase.cs b/sdk/keyvault/Azure.Security.KeyVault.Certificates/tests/CertificatesTestBase.cs index 79ec753808f75..84c286f087f17 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Certificates/tests/CertificatesTestBase.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Certificates/tests/CertificatesTestBase.cs @@ -13,6 +13,7 @@ namespace Azure.Security.KeyVault.Certificates.Tests { [ClientTestFixture( + CertificateClientOptions.ServiceVersion.V7_5_Preview_1, CertificateClientOptions.ServiceVersion.V7_4, CertificateClientOptions.ServiceVersion.V7_3, CertificateClientOptions.ServiceVersion.V7_2, diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/CHANGELOG.md b/sdk/keyvault/Azure.Security.KeyVault.Keys/CHANGELOG.md index f47402d369f90..73a522199fccb 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/CHANGELOG.md +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/CHANGELOG.md 
@@ -5,15 +5,19 @@ ### Features Added - Added `CryptographyClient.CreateRSA` and `CreateRSAAsync` to create an `RSA` implementation backed by Key Vault or Managed HSM ([#3545](https://github.com/Azure/azure-sdk-for-net/issues/3545)) +- Added `KeyProperties.HsmPlatform` to get the underlying HSM platform. ### Breaking Changes ### Bugs Fixed - When a Key Vault is moved to another tenant, the client is reauthenticated. +- `KeyRotationPolicyAction` performs case-insensitive comparisons since Key Vault and Managed HSM return different cases for "rotate". ### Other Changes +- The default service version is now "7.5-preview.1". + ## 4.5.0 (2023-03-14) ### Breaking Changes diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/assets.json b/sdk/keyvault/Azure.Security.KeyVault.Keys/assets.json index 56728dad33e1a..2706c51f23a95 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/assets.json +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "net", "TagPrefix": "net/keyvault/Azure.Security.KeyVault.Keys", - "Tag": "net/keyvault/Azure.Security.KeyVault.Keys_37d7acaa66" + "Tag": "net/keyvault/Azure.Security.KeyVault.Keys_4d89ccc079" } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/Cryptography/CryptographyClientOptions.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/Cryptography/CryptographyClientOptions.cs index 574efaabb582c..ba1bc71fb64da 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/Cryptography/CryptographyClientOptions.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/Cryptography/CryptographyClientOptions.cs @@ -16,7 +16,7 @@ public class CryptographyClientOptions : ClientOptions /// For more information, see /// Key Vault versions. /// - internal const ServiceVersion LatestVersion = ServiceVersion.V7_4; + internal const ServiceVersion LatestVersion = ServiceVersion.V7_5_Preview_1; /// /// The versions of Azure Key Vault supported by this client 
@@ -49,6 +49,11 @@ public enum ServiceVersion /// The Key Vault API version 7.4. /// V7_4 = 4, + + /// + /// The Key Vault API version 7.5-preview.1. + /// + V7_5_Preview_1 = 5, #pragma warning restore CA1707 // Identifiers should not contain underscores } @@ -88,6 +93,7 @@ internal string GetVersionString() ServiceVersion.V7_2 => "7.2", ServiceVersion.V7_3 => "7.3", ServiceVersion.V7_4 => "7.4", + ServiceVersion.V7_5_Preview_1 => "7.5-preview.1", _ => throw new ArgumentException(Version.ToString()), }; } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyAttributes.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyAttributes.cs index 86b35862e1bd3..3b3132fcfd5fa 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyAttributes.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyAttributes.cs @@ -16,6 +16,7 @@ internal struct KeyAttributes private const string RecoverableDaysPropertyName = "recoverableDays"; private const string RecoveryLevelPropertyName = "recoveryLevel"; private const string ExportablePropertyName = "exportable"; + private const string HsmPlatformPropertyName = "hsmPlatform"; private static readonly JsonEncodedText s_enabledPropertyNameBytes = JsonEncodedText.Encode(EnabledPropertyName); private static readonly JsonEncodedText s_notBeforePropertyNameBytes = JsonEncodedText.Encode(NotBeforePropertyName); @@ -38,6 +39,8 @@ internal struct KeyAttributes public string RecoveryLevel { get; internal set; } + public string HsmPlatform { get; internal set; } + internal bool ShouldSerialize => Enabled.HasValue || NotBefore.HasValue || @@ -74,6 +77,9 @@ internal void ReadProperties(JsonElement json) case ExportablePropertyName: Exportable = prop.Value.GetBoolean(); break; + case HsmPlatformPropertyName: + HsmPlatform = prop.Value.GetString(); + break; } } } 
@@ -104,6 +110,7 @@ internal void WriteProperties(Utf8JsonWriter json) // Updated is read-only don't serialize // RecoverableDays is read-only don't serialize // RecoveryLevel is read-only don't serialize + // HsmPlatform is read-only don't serialize } } } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyClientOptions.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyClientOptions.cs index 351b3049b7303..9d47118d50772 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyClientOptions.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyClientOptions.cs @@ -16,7 +16,7 @@ public class KeyClientOptions : ClientOptions /// For more information, see /// Key Vault versions. /// - internal const ServiceVersion LatestVersion = ServiceVersion.V7_4; + internal const ServiceVersion LatestVersion = ServiceVersion.V7_5_Preview_1; /// /// The versions of Azure Key Vault supported by this client @@ -49,6 +49,11 @@ public enum ServiceVersion /// The Key Vault API version 7.4. /// V7_4 = 4, + + /// + /// The Key Vault API version 7.5-preview.1. + /// + V7_5_Preview_1 = 5, #pragma warning restore CA1707 // Identifiers should not contain underscores } @@ -88,6 +93,7 @@ internal string GetVersionString() ServiceVersion.V7_2 => "7.2", ServiceVersion.V7_3 => "7.3", ServiceVersion.V7_4 => "7.4", + ServiceVersion.V7_5_Preview_1 => "7.5-preview.1", _ => throw new ArgumentException(Version.ToString()), }; } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyProperties.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyProperties.cs index 08085b4dd6553..3a6035063a8bc 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyProperties.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyProperties.cs 
@@ -130,6 +130,11 @@ public KeyProperties(Uri id) /// Possible values include Purgeable, Recoverable+Purgeable, Recoverable, and Recoverable+ProtectedSubscription. public string RecoveryLevel { get => _attributes.RecoveryLevel; internal set => _attributes.RecoveryLevel = value; } + /// + /// Gets the underlying HSM platform. + /// + public string HsmPlatform { get => _attributes.HsmPlatform; internal set => _attributes.HsmPlatform = value; } + /// /// Gets or sets the policy rules under which the key can be exported. /// diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyRotationPolicyAction.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyRotationPolicyAction.cs index eabaddd5d73b6..2abcc7dfaff49 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyRotationPolicyAction.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyRotationPolicyAction.cs @@ -62,11 +62,13 @@ public KeyRotationPolicyAction(string value) public override bool Equals(object obj) => obj is KeyRotationPolicyAction other && Equals(other); /// - public bool Equals(KeyRotationPolicyAction other) => string.Equals(_value, other._value, StringComparison.Ordinal); + // Comparison is case-insensitive due to https://github.com/Azure/azure-rest-api-specs/pull/24475. + public bool Equals(KeyRotationPolicyAction other) => string.Equals(_value, other._value, StringComparison.OrdinalIgnoreCase); /// [EditorBrowsable(EditorBrowsableState.Never)] - public override int GetHashCode() => _value?.GetHashCode() ?? 0; + // Comparison is case-insensitive due to https://github.com/Azure/azure-rest-api-specs/pull/24475. + public override int GetHashCode() => _value?.ToLowerInvariant().GetHashCode() ?? 0; /// public override string ToString() => _value; diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyClientLiveTests.SecureKeyRelease.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyClientLiveTests.SecureKeyRelease.cs index 3829fc16db3e6..5bd9c61505217 100644 
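Review bot: The new `HsmPlatform` summary in KeyProperties does not say when the property is null. The deserialization tests in this commit expect null when the `hsmPlatform` attribute is absent or JSON null, and the live tests only assert a value for non-Managed-HSM vaults on 7.5-preview.1 and later, so callers need that stated. Suggested wording: `/// Gets the underlying HSM platform, or null if the service did not return one.`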
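Review bot: `GetHashCode` in KeyRotationPolicyAction lower-cases with `ToLowerInvariant()` while `Equals` compares with `StringComparison.OrdinalIgnoreCase`, and these are two different case mappings, so nothing guarantees that two values considered equal also hash alike. Using the matching comparer removes the doubt and the per-call string allocation: `public override int GetHashCode() => _value is null ? 0 : StringComparer.OrdinalIgnoreCase.GetHashCode(_value);`. If the `==`/`!=` operators outside this hunk are implemented through `Equals`, they become case-insensitive as well, which deserves a line in the type's documentation.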
--- a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyClientLiveTests.SecureKeyRelease.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyClientLiveTests.SecureKeyRelease.cs @@ -18,6 +18,7 @@ public partial class KeyClientLiveTests [IgnoreServiceError(400, "BadParameter")] // TODO: Remove once SKR is deployed to sovereign clouds. [PremiumOnly] [ServiceVersion(Min = KeyClientOptions.ServiceVersion.V7_3)] + [Ignore("https://github.com/Azure/azure-sdk-for-net/issues/38375")] public async Task ReleaseCreatedKey() { string keyName = Recording.GenerateId(); @@ -74,6 +75,7 @@ public async Task ReleaseUpdatedKey() [IgnoreServiceError(400, "BadParameter")] // TODO: Remove once SKR is deployed to sovereign clouds. [PremiumOnly] [ServiceVersion(Min = KeyClientOptions.ServiceVersion.V7_3)] + [Ignore("https://github.com/Azure/azure-sdk-for-net/issues/38375")] public async Task UpdateReleasePolicy([Values] bool immutable) { string keyName = Recording.GenerateId(); diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyClientLiveTests.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyClientLiveTests.cs index dce05a22c54ac..51f9ee0e576ac 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyClientLiveTests.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyClientLiveTests.cs @@ -80,6 +80,10 @@ public async Task CreateEcHsmKey() RegisterForCleanup(keyName); KeyVaultKey keyReturned = await Client.GetKeyAsync(keyName); + if (!IsManagedHSM && _serviceVersion >= KeyClientOptions.ServiceVersion.V7_5_Preview_1) + { + Assert.That(keyReturned.Properties.HsmPlatform, Is.Not.Null.And.Not.Empty); + } AssertKeyVaultKeysEqual(ecHsmkey, keyReturned); 
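Review bot: Both added `[Ignore("https://github.com/Azure/azure-sdk-for-net/issues/38375")]` attributes switch off `ReleaseCreatedKey` and `UpdateReleasePolicy` for every service version in the fixture, not only the newly added 7.5-preview.1, so secure key release loses its create and policy-update coverage while `ReleaseUpdatedKey` (named in the second hunk header) stays enabled. If the linked failure is specific to the preview version, which this diff does not show, bounding the existing attribute instead, `[ServiceVersion(Min = KeyClientOptions.ServiceVersion.V7_3, Max = KeyClientOptions.ServiceVersion.V7_4)]`, would keep the older versions running. Otherwise add a comment beside each `[Ignore]` stating the condition for re-enabling the test.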
@@ -142,6 +146,10 @@ public async Task CreateRsaHsmKey() RegisterForCleanup(keyName); KeyVaultKey keyReturned = await Client.GetKeyAsync(keyName); + if (!IsManagedHSM && _serviceVersion >= KeyClientOptions.ServiceVersion.V7_5_Preview_1) + { + Assert.That(keyReturned.Properties.HsmPlatform, Is.Not.Null.And.Not.Empty); + } AssertKeyVaultKeysEqual(rsaHsmkey, keyReturned); diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyPropertiesTests.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyPropertiesTests.cs index ebfd2b6651d2f..d6e533be1f00d 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyPropertiesTests.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeyPropertiesTests.cs @@ -35,5 +35,19 @@ public void DeserializesRecoverableDays(string content, int? expected) Assert.AreEqual(expected, properties.RecoverableDays); } + + [TestCase(@"{""kid"":""https://vault/keys/key-name""}", null)] + [TestCase(@"{""kid"":""https://vault/keys/key-name"",""attributes"":{""hsmPlatform"":null}}", null)] + [TestCase(@"{""kid"":""https://vault/keys/key-name"",""attributes"":{""hsmPlatform"":""1""}}", "1")] + public void DeserializesHsmPlatform(string content, string expected) + { + KeyProperties properties = new KeyProperties(); + using (JsonStream json = new JsonStream(content)) + { + properties.Deserialize(json.AsStream()); + } + + Assert.AreEqual(expected, properties.HsmPlatform); + } } } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeysTestBase.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeysTestBase.cs index c9cbe0fc048e6..743d694a19b39 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeysTestBase.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/KeysTestBase.cs 
@@ -13,6 +13,7 @@ namespace Azure.Security.KeyVault.Keys.Tests { [ClientTestFixture( + KeyClientOptions.ServiceVersion.V7_5_Preview_1, KeyClientOptions.ServiceVersion.V7_4, KeyClientOptions.ServiceVersion.V7_3, KeyClientOptions.ServiceVersion.V7_2, diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/ManagedHsmCryptographyClientLiveTests.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/ManagedHsmCryptographyClientLiveTests.cs index cfd903cb2bd30..af33da2afe845 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/ManagedHsmCryptographyClientLiveTests.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/ManagedHsmCryptographyClientLiveTests.cs @@ -12,6 +12,7 @@ namespace Azure.Security.KeyVault.Keys.Tests { [ClientTestFixture( + KeyClientOptions.ServiceVersion.V7_5_Preview_1, KeyClientOptions.ServiceVersion.V7_4, KeyClientOptions.ServiceVersion.V7_3, KeyClientOptions.ServiceVersion.V7_2)] diff --git a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/ManagedHsmLiveTests.cs b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/ManagedHsmLiveTests.cs index ee9f7934e237a..3ecd929c3b343 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/ManagedHsmLiveTests.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Keys/tests/ManagedHsmLiveTests.cs @@ -12,6 +12,7 @@ namespace Azure.Security.KeyVault.Keys.Tests { [ClientTestFixture( + KeyClientOptions.ServiceVersion.V7_5_Preview_1, KeyClientOptions.ServiceVersion.V7_4, KeyClientOptions.ServiceVersion.V7_3, KeyClientOptions.ServiceVersion.V7_2)] diff --git a/sdk/keyvault/Azure.Security.KeyVault.Secrets/CHANGELOG.md b/sdk/keyvault/Azure.Security.KeyVault.Secrets/CHANGELOG.md index 00cf731383a56..9ff6c9d9b3007 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Secrets/CHANGELOG.md +++ b/sdk/keyvault/Azure.Security.KeyVault.Secrets/CHANGELOG.md @@ -12,6 +12,8 @@ ### Other Changes +- The default service version is now "7.5-preview.1". + ## 4.5.0 (2023-03-14) ### Breaking Changes 
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Secrets/assets.json b/sdk/keyvault/Azure.Security.KeyVault.Secrets/assets.json index 80bd78ba96cac..a7f372ab46788 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Secrets/assets.json +++ b/sdk/keyvault/Azure.Security.KeyVault.Secrets/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "net", "TagPrefix": "net/keyvault/Azure.Security.KeyVault.Secrets", - "Tag": "net/keyvault/Azure.Security.KeyVault.Secrets_3146293848" + "Tag": "net/keyvault/Azure.Security.KeyVault.Secrets_a48a2f9275" } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Secrets/src/SecretClientOptions.cs b/sdk/keyvault/Azure.Security.KeyVault.Secrets/src/SecretClientOptions.cs index cb24a8cf7445e..590a0eae95de2 100644 --- a/sdk/keyvault/Azure.Security.KeyVault.Secrets/src/SecretClientOptions.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Secrets/src/SecretClientOptions.cs @@ -16,7 +16,7 @@ public class SecretClientOptions : ClientOptions /// For more information, see /// Key Vault versions. /// - internal const ServiceVersion LatestVersion = ServiceVersion.V7_4; + internal const ServiceVersion LatestVersion = ServiceVersion.V7_5_Preview_1; /// /// The versions of Azure Key Vault supported by this client library. @@ -48,6 +48,11 @@ public enum ServiceVersion /// The Key Vault API version 7.4. /// V7_4 = 4, + + /// + /// The Key Vault API version 7.5-preview.1. + /// + V7_5_Preview_1 = 5, #pragma warning restore CA1707 // Identifiers should not contain underscores } @@ -86,6 +91,7 @@ internal string GetVersionString() ServiceVersion.V7_2 => "7.2", ServiceVersion.V7_3 => "7.3", ServiceVersion.V7_4 => "7.4", + ServiceVersion.V7_5_Preview_1 => "7.5-preview.1", _ => throw new ArgumentException(Version.ToString()), }; } diff --git a/sdk/keyvault/Azure.Security.KeyVault.Secrets/tests/SecretsTestBase.cs b/sdk/keyvault/Azure.Security.KeyVault.Secrets/tests/SecretsTestBase.cs index 7d732556fcd5d..333f6d5c8ec93 100644 
--- a/sdk/keyvault/Azure.Security.KeyVault.Secrets/tests/SecretsTestBase.cs +++ b/sdk/keyvault/Azure.Security.KeyVault.Secrets/tests/SecretsTestBase.cs @@ -14,6 +14,7 @@ namespace Azure.Security.KeyVault.Secrets.Tests { [ClientTestFixture( + SecretClientOptions.ServiceVersion.V7_5_Preview_1, SecretClientOptions.ServiceVersion.V7_4, SecretClientOptions.ServiceVersion.V7_3, SecretClientOptions.ServiceVersion.V7_2, diff --git a/sdk/keyvault/CONTRIBUTING.md b/sdk/keyvault/CONTRIBUTING.md index 005608be707c7..0ab0173033923 100644 --- a/sdk/keyvault/CONTRIBUTING.md +++ b/sdk/keyvault/CONTRIBUTING.md 
@@ -43,6 +43,20 @@ Our testing framework supports recording service requests made during a unit tes Properly supporting recorded tests does require a few extra considerations. All random values should be obtained via `this.Recording.Random` since we use the same seed on test playback to ensure our client code generates the same "random" values each time. You can't share any state between tests or rely on ordering because you don't know the order they'll be recorded or replayed. +#### Re-recording tests + +When re-recording tests, you should first record the latest target framework, followed by the latest target .NET Framework version. There are some tests that are specific to .NET Framework that will not run during the first phase. + +Using Visual Studio, in Test Explorer: + +1. Select all projects targeting the latest target framework e.g., 'net7.0'. +2. Click the `Run` button (default binding: `Ctrl+R, T`). +3. After changing the api-version, expect a lot of failures. In that case, click the `Run failed tests` button (default binding: `Ctrl+R, F`). +4. Select the latest .NET Framework target e.g., `net47`, for `Azure.Security.KeyVault.Keys.Tests`. +5. Repeat steps 2 and 3. + +After re-recording tests, you need to [sync them to the assets repo](https://github.com/Azure/azure-sdk-tools/blob/main/tools/test-proxy/documentation/asset-sync/README.md). + ### Running tests The easiest way to run and debug the tests is via Visual Studio's unit test runner.