@@ -132,94 +132,105 @@ When server-side encryption using customer-managed keys in customer-controlled h
132132
133133Here are the services that support server-side encryption using customer managed keys:
134134
135+
135136| Product, Feature, or Service | Key Vault | Managed HSM | Documentation |
136137| --- | --- | --- | --- |
137138| ** AI and Machine Learning** | | | |
138139| [ Azure AI Search] ( /azure/search/ ) | Yes | | |
139140| [ Azure AI services] ( /azure/cognitive-services/ ) | Yes | Yes | |
141+ | [ Azure AI Studio] ( /azure/ai-studio ) | Yes | | [ CMKs for encryption] ( /azure/ai-studio/concepts/encryption-keys-portal ) |
140142| [ Azure Machine Learning] ( /azure/machine-learning/ ) | Yes | | |
143+ | [ Azure OpenAI] ( /azure/ai-services/openai/ ) | Yes | Yes | |
141144| [ Content Moderator] ( /azure/cognitive-services/content-moderator/ ) | Yes | Yes | |
145+ | [ Dataverse] ( /powerapps/maker/data-platform/ ) | Yes | Yes | |
146+ | [ Dynamics 365] ( /dynamics365/ ) | Yes | Yes | |
142147| [ Face] ( /azure/cognitive-services/face/ ) | Yes | Yes | |
143148| [ Language Understanding] ( /azure/cognitive-services/luis/ ) | Yes | Yes | |
144- | [ Azure OpenAI] ( /azure/ai-services/openai/ ) | Yes | Yes | |
145149| [ Personalizer] ( /azure/cognitive-services/personalizer/ ) | Yes | Yes | |
150+ | [ Power Platform] ( /power-platform/ ) | Yes | Yes | |
146151| [ QnA Maker] ( /azure/cognitive-services/qnamaker/ ) | Yes | Yes | |
147152| [ Speech Services] ( /azure/cognitive-services/speech-service/ ) | Yes | Yes | |
148153| [ Translator Text] ( /azure/cognitive-services/translator/ ) | Yes | Yes | |
149- | [ Power Platform] ( /power-platform/ ) | Yes | Yes | |
150- | [ Dataverse] ( /powerapps/maker/data-platform/ ) | Yes | Yes | |
151- | [ Dynamics 365] ( /dynamics365/ ) | Yes | Yes | |
152154| ** Analytics** | | | |
153- | [ Azure Stream Analytics] ( /azure/stream-analytics/ ) | Yes\*\* | Yes | |
154- | [ Event Hubs] ( /azure/event-hubs/ ) | Yes | | |
155- | [ Functions] ( /azure/azure-functions/ ) | Yes | | |
156- | [ Azure HDInsight] ( /azure/hdinsight/ ) | Yes | | |
157- | [ Azure Monitor Application Insights] ( /azure/azure-monitor/app/app-insights-overview ) | Yes | | |
158- | [ Azure Monitor Log Analytics] ( /azure/azure-monitor/logs/log-analytics-overview ) | Yes | Yes | |
159155| [ Azure Data Explorer] ( /azure/data-explorer/ ) | Yes | | |
160156| [ Azure Data Factory] ( /azure/data-factory/ ) | Yes | Yes | |
161157| [ Azure Data Lake Store] ( /azure/data-lake-store/ ) | Yes, RSA 2048-bit | | |
158+ | [ Azure HDInsight] ( /azure/hdinsight/ ) | Yes | | |
159+ | [ Azure Monitor Application Insights] ( /azure/azure-monitor/app/app-insights-overview ) | Yes | | |
160+ | [ Azure Monitor Log Analytics] ( /azure/azure-monitor/logs/log-analytics-overview ) | Yes | Yes | |
161+ | [ Azure Stream Analytics] ( /azure/stream-analytics/ ) | Yes\*\* | Yes | |
162+ | [ Event Hubs] ( /azure/event-hubs/ ) | Yes | | |
163+ | [ Functions] ( /azure/azure-functions/ ) | Yes | | |
164+ | [ Microsoft Fabric] ( /fabric ) | Yes | | [ CMK encryption] ( /fabric/security/security-scenario#customer-managed-key-cmk-encryption-and-microsoft-fabric ) |
165+ | [ Power BI Embedded] ( /power-bi ) | Yes | | [ BYOK for Power BI] ( /power-bi/enterprise/service-encryption-byok ) |
162166| ** Containers** | | | |
167+ | [ Azure Container Storage] ( https://learn.microsoft.com/en-us/azure/storage/container-storage ) | Yes | | [ Dynamic storage pool with CMKs] ( /azure/storage/container-storage/use-container-storage-with-managed-disks#create-a-dynamic-storage-pool-using-your-own-encryption-key-optional ) |
163168| [ Azure Kubernetes Service] ( /azure/aks/ ) | Yes | Yes | |
169+ | [ Azure Red Hat OpenShift] ( /azure/openshift/ ) | Yes | | [ CMK encryption] ( /azure/openshift/howto-byok ) |
164170| [ Container Instances] ( /azure/container-instances/ ) | Yes | | |
165171| [ Container Registry] ( /azure/container-registry/ ) | Yes | | |
166172| ** Compute** | | | |
167- | [ Virtual Machines] ( /azure/virtual-machines/ ) | Yes | Yes | |
168- | [ Virtual Machine Scale Set] ( /azure/virtual-machine-scale-sets/ ) | Yes | Yes | |
169- | [ SAP HANA] ( /azure/sap/large-instances/hana-overview-architecture ) | Yes | | |
170173| [ App Service] ( /azure/app-service/ ) | Yes\*\* | Yes | |
171174| [ Automation] ( /azure/automation/ ) | Yes | | |
172175| [ Azure Functions] ( /azure/azure-functions/ ) | Yes\*\* | Yes | |
173176| [ Azure portal] ( /azure/azure-portal/ ) | Yes\*\* | Yes | |
174177| [ Azure VMware Solution] ( /azure/azure-vmware/ ) | Yes | Yes | |
175- | [ Logic Apps] ( /azure/logic-apps/ ) | Yes | | |
176178| [ Azure-managed applications] ( /azure/azure-resource-manager/managed-applications/overview ) | Yes\*\* | Yes | |
179+ | [ Batch] ( /azure/batch/ ) | Yes | | [ Configure CMKs] ( /azure/batch/batch-customer-managed-key ) |
180+ | [ Logic Apps] ( /azure/logic-apps/ ) | Yes | | |
181+ | [ SAP HANA] ( /azure/sap/large-instances/hana-overview-architecture ) | Yes | | |
177182| [ Service Bus] ( /azure/service-bus-messaging/ ) | Yes | | |
178183| [ Site Recovery] ( /azure/site-recovery/ ) | Yes | | |
184+ | [ Virtual Machine Scale Set] ( /azure/virtual-machine-scale-sets/ ) | Yes | Yes | |
185+ | [ Virtual Machines] ( /azure/virtual-machines/ ) | Yes | Yes | |
179186| ** Databases** | | | |
180- | [ SQL Server on Virtual Machines] ( /azure/virtual-machines/windows/sql/ ) | Yes | | |
181- | [ Azure SQL Database] ( /azure/azure-sql/database/ ) | Yes, RSA 3072-bit | Yes | |
182- | [ Azure SQL Managed Instance] ( /azure/azure-sql/managed-instance/ ) | Yes, RSA 3072-bit | Yes | |
187+ | [ Azure Cosmos DB] ( /azure/cosmos-db/ ) | Yes | Yes | [ Configure CMKs (Key Vault)] ( /azure/cosmos-db/how-to-setup-cmk ) and [ Configure CMKs (Managed HSM)] ( /azure/cosmos-db/how-to-setup-customer-managed-keys-mhsm ) |
183188| [ Azure Database for MySQL] ( /azure/mysql/ ) | Yes | Yes | |
184189| [ Azure Database for PostgreSQL] ( /azure/postgresql/ ) | Yes | Yes | |
190+ | [ Azure Database Migration Service] ( /azure/dms/ ) | N/A\* | | |
191+ | [ Azure Databricks] ( /azure/databricks/ ) | Yes | Yes | |
192+ | [ Azure Managed Instance for Apache Cassandra] ( /azure/managed-instance-apache-cassandra/ ) | Yes | | [ CMKs] ( /azure/managed-instance-apache-cassandra/customer-managed-keys ) |
193+ | [ Azure SQL Database] ( /azure/azure-sql/database/ ) | Yes, RSA 3072-bit | Yes | |
194+ | [ Azure SQL Managed Instance] ( /azure/azure-sql/managed-instance/ ) | Yes, RSA 3072-bit | Yes | |
185195| [ Azure Synapse Analytics (dedicated SQL pool (formerly SQL DW) only)] ( /azure/synapse-analytics/ ) | Yes, RSA 3072-bit | Yes | |
196+ | [ SQL Server on Virtual Machines] ( /azure/virtual-machines/windows/sql/ ) | Yes | | |
186197| [ SQL Server Stretch Database] ( /sql/sql-server/stretch-database/ ) | Yes, RSA 3072-bit | | |
187- | [ Table Storage] ( /azure/storage/tables/ ) | Yes | | |
188- | [ Azure Cosmos DB] ( /azure/cosmos-db/ ) | Yes | Yes | [ Configure CMKs (Key Vault)] ( /azure/cosmos-db/how-to-setup-cmk ) and [ Configure CMKs (Managed HSM)] ( /azure/cosmos-db/how-to-setup-customer-managed-keys-mhsm ) |
189- | [ Azure Databricks] ( /azure/databricks/ ) | Yes | Yes | |
190- | [ Azure Database Migration Service] ( /azure/dms/ ) | N/A\* | | |
191- | ** Identity** | | | |
198+ | [ Table Storage] ( /azure/storage/tables/ ) | Yes | | || ** Identity** | | | |
192199| [ Microsoft Entra ID] ( /azure/active-directory/ ) | - | | |
193200| [ Microsoft Entra Domain Services] ( /azure/active-directory-domain-services/ ) | Yes | | |
194201| ** Integration** | | | |
202+ | [ Azure Health Data Services] ( /azure/healthcare-apis/ ) | Yes | | [ Configure CMKs for DICOM] ( /azure/healthcare-apis/dicom/configure-customer-managed-keys ) , [ Configure CMKs for FHIR] ( /azure/healthcare-apis/fhir/configure-customer-managed-keys ) |
195203| [ Service Bus] ( /azure/service-bus-messaging/ ) | Yes | | |
196204| ** IoT Services** | | | |
197205| [ IoT Hub] ( /azure/iot-hub/ ) | Yes | | |
198206| [ IoT Hub Device Provisioning] ( /azure/iot-dps/ ) | Yes | | |
199207| ** Management and Governance** | | | |
200208| [ Azure Migrate] ( /azure/migrate/ ) | Yes | | |
209+ | [ Azure Monitor] ( /azure/azure-monitor ) | Yes | | [ CMKs] ( /azure/azure-monitor/logs/customer-managed-keys?tabs=portal ) |
201210| ** Media** | | | |
202211| [ Media Services] ( /azure/media-services/ ) | Yes | | |
203212| ** Security** | | | |
213+ | [ Microsoft Defender for Cloud] ( /azure/defender-for-cloud/ ) | Yes | | [ Security baseline: CMKs] ( /security/benchmark/azure/baselines/microsoft-defender-for-cloud-security-baseline#dp-5-use-customer-managed-key-option-in-data-at-rest-encryption-when-required ) |
204214| [ Microsoft Defender for IoT] ( /azure/defender-for-iot/ ) | Yes | | |
205215| [ Microsoft Sentinel] ( /azure/sentinel/ ) | Yes | Yes | |
206216| ** Storage** | | | |
217+ | [ Archive Storage] ( /azure/storage/blobs/archive-blob ) | Yes | | |
218+ | [ Azure Backup] ( /azure/backup/ ) | Yes | Yes | |
219+ | [ Azure Cache for Redis] ( /azure/azure-cache-for-redis/ ) | Yes\*\* | Yes | |
220+ | [ Azure Managed Lustre] ( /azure/azure-managed-lustre/ ) | Yes | | [ CMKs] ( /azure/azure-managed-lustre/customer-managed-encryption-keys ) |
221+ | [ Azure NetApp Files] ( /azure/azure-netapp-files/ ) | Yes | Yes | |
222+ | [ Azure Stack Edge] ( /azure/databox-online/azure-stack-edge-overview/ ) | Yes | | |
207223| [ Blob Storage] ( /azure/storage/blobs/ ) | Yes | Yes | |
208- | [ Premium Blob Storage] ( /azure/storage/blobs/ ) | Yes | Yes | |
224+ | [ Data Lake Storage Gen2 ] ( /azure/storage/blobs/data-lake-storage-introduction / ) | Yes | Yes | |
209225| [ Disk Storage] ( /azure/virtual-machines/disks-types/ ) | Yes | Yes | |
210- | [ Ultra Disk Storage] ( /azure/virtual-machines/disks-types/ ) | Yes | Yes | |
211- | [ Managed Disk Storage] ( /azure/virtual-machines/disks-types/ ) | Yes | Yes | |
212- | [ File Storage] ( /azure/storage/files/ ) | Yes | Yes | |
213226| [ File Premium Storage] ( /azure/storage/files/ ) | Yes | Yes | |
227+ | [ File Storage] ( /azure/storage/files/ ) | Yes | Yes | |
214228| [ File Sync] ( /azure/storage/file-sync/file-sync-introduction ) | Yes | Yes | |
229+ | [ Managed Disk Storage] ( /azure/virtual-machines/disks-types/ ) | Yes | Yes | |
230+ | [ Premium Blob Storage] ( /azure/storage/blobs/ ) | Yes | Yes | |
215231| [ Queue Storage] ( /azure/storage/queues/ ) | Yes | Yes | |
216- | [ Data Lake Storage Gen2] ( /azure/storage/blobs/data-lake-storage-introduction/ ) | Yes | Yes | |
217- | [ Azure Cache for Redis] ( /azure/azure-cache-for-redis/ ) | Yes\*\* | Yes | |
218- | [ Azure NetApp Files] ( /azure/azure-netapp-files/ ) | Yes | Yes | |
219- | [ Archive Storage] ( /azure/storage/blobs/archive-blob ) | Yes | | |
220232| [ StorSimple] ( /azure/storsimple/ ) | Yes | | |
221- | [ Azure Backup] ( /azure/backup/ ) | Yes | Yes | |
222- | [ Azure Stack Edge] ( /azure/databox-online/azure-stack-edge-overview/ ) | Yes | | |
233+ | [ Ultra Disk Storage] ( /azure/virtual-machines/disks-types/ ) | Yes | Yes | |
223234| ** Other** | | | |
224235| [ Azure Data Manager for Energy] ( /azure/energy-data-services/overview-microsoft-energy-data-services ) | Yes | | |
225236
0 commit comments