diff --git a/internal/services/keyvault/validate/child_id.go b/internal/services/keyvault/validate/child_id.go
index f60922f2c331..b0a8b7a2277f 100644
--- a/internal/services/keyvault/validate/child_id.go
+++ b/internal/services/keyvault/validate/child_id.go
@@ -19,3 +19,17 @@ func KeyVaultChildID(i interface{}, k string) (warnings []string, errors []error
 
 return warnings, errors
 }
+
+func KeyVaultChildIDWithOptionalVersion(i interface{}, k string) (warnings []string, errors []error) {
+ v, ok := i.(string)
+ if !ok {
+ errors = append(errors, fmt.Errorf("expected type of %q to be string", k))
+ return warnings, errors
+ }
+
+ if _, err := parse.ParseOptionallyVersionedNestedItemID(v); err != nil {
+ errors = append(errors, fmt.Errorf("can not parse %q as a Key Vault Child resource id: %v", k, err))
+ }
+
+ return warnings, errors
+}
diff --git a/internal/services/storage/storage_encryption_scope_resource.go b/internal/services/storage/storage_encryption_scope_resource.go
index 61c65e3f25da..b79316e6b216 100644
--- a/internal/services/storage/storage_encryption_scope_resource.go
+++ b/internal/services/storage/storage_encryption_scope_resource.go
@@ -64,7 +64,7 @@ func resourceStorageEncryptionScope() *pluginsdk.Resource {
 "key_vault_key_id": {
 Type: pluginsdk.TypeString,
 Optional: true,
- ValidateFunc: keyVaultValidate.KeyVaultChildID,
+ ValidateFunc: keyVaultValidate.KeyVaultChildIDWithOptionalVersion,
 },
 
 "infrastructure_encryption_required": {
diff --git a/internal/services/storage/storage_encryption_scope_resource_test.go b/internal/services/storage/storage_encryption_scope_resource_test.go
index 0c75191fa6f3..4414236c4adb 100644
--- a/internal/services/storage/storage_encryption_scope_resource_test.go
+++ b/internal/services/storage/storage_encryption_scope_resource_test.go
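Review bot: In `KeyVaultChildIDWithOptionalVersion` (child_id.go) the parsed ID is discarded with `_`, so the validator only proves that the string parses as some Key Vault nested item; nothing visible in the hunk checks that it names a key rather than a secret or certificate, although the one caller shown in this commit is a `key_vault_key_id` field. If the parsed ID exposes the item type, comparing it here would reject a wrong-type ID at plan time instead of leaving it to the Azure API. The function is exported without a doc comment; `// KeyVaultChildIDWithOptionalVersion validates that i is a Key Vault nested item ID, with or without a version.` would state the contract. Wrapping the parser error with `%w` rather than `%v` would also keep it inspectable by callers.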
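Review bot: The `key_vault_key_id` schema entry in `resourceStorageEncryptionScope` (storage_encryption_scope_resource.go) has no comment saying why its validator now differs from `KeyVaultChildID`, and the difference matters to operators: a versioned ID pins the scope to one key version, while a versionless ID presumably lets the scope follow the key's current version after rotation. A comment above `ValidateFunc` such as `// Versionless IDs are accepted so the scope can follow key rotation; a versioned ID pins one key version.` would record that, and the resource's user documentation should say the same if it is not updated elsewhere in this commit. The enclosing function begins and ends outside the hunk, so whether read and update round-trip a versionless value unchanged cannot be confirmed from here.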
@@ -32,6 +32,21 @@ func TestAccStorageEncryptionScope_keyVaultKey(t *testing.T) {
 })
 }
 
+func TestAccStorageEncryptionScope_keyVaultKeyVersionless(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_storage_encryption_scope", "test")
+ r := StorageEncryptionScopeResource{}
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.keyVaultKeyVersionless(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ check.That(data.ResourceName).Key("source").HasValue("Microsoft.KeyVault"),
+ ),
+ },
+ data.ImportStep(),
+ })
+}
+
 func TestAccStorageEncryptionScope_keyVaultKeyRequireInfrastructureEncryption(t *testing.T) {
 data := acceptance.BuildTestData(t, "azurerm_storage_encryption_scope", "test")
 r := StorageEncryptionScopeResource{}
@@ -206,6 +221,28 @@ resource "azurerm_storage_encryption_scope" "test" {
 `, template, data.RandomInteger)
 }
 
+func (t StorageEncryptionScopeResource) keyVaultKeyVersionless(data acceptance.TestData) string {
+ template := t.template(data)
+ return fmt.Sprintf(`
+provider "azurerm" {
+ features {
+ key_vault {
+ purge_soft_delete_on_destroy = false
+ }
+ }
+}
+
+%s
+
+resource "azurerm_storage_encryption_scope" "test" {
+ name = "acctestES%d"
+ storage_account_id = azurerm_storage_account.test.id
+ source = "Microsoft.KeyVault"
+ key_vault_key_id = azurerm_key_vault_key.first.versionless_id
+}
+`, template, data.RandomInteger)
+}
+
 func (t StorageEncryptionScopeResource) keyVaultKeyUpdated(data acceptance.TestData) string {
 template := t.template(data)
 return fmt.Sprintf(`
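Review bot: `TestAccStorageEncryptionScope_keyVaultKeyVersionless` never asserts that `key_vault_key_id` in state is the versionless ID; the check list in its only step covers existence in Azure and `source`, so the behaviour this commit introduces is verified only indirectly through the plan and import comparison. An attribute-pair check such as `resource.TestCheckResourceAttrPair(data.ResourceName, "key_vault_key_id", "azurerm_key_vault_key.first", "versionless_id")` (the plugin SDK helper, or the `check` package's equivalent if the file prefers it) would pin it directly. The commit also adds no unit test for the new validator, so malformed and wrong-type IDs are not exercised anywhere visible here.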