MicrosoftDocs
diff --git a/‎articles/azure-monitor/logs/customer-managed-keys.md
Lines changed: 7 additions & 1 deletion b/‎articles/azure-monitor/logs/customer-managed-keys.md
Lines changed: 7 additions & 1 deletion
diff --git a/‎articles/azure-monitor/logs/media/customer-managed-keys/cmk-workbook.png
336 KB b/‎articles/azure-monitor/logs/media/customer-managed-keys/cmk-workbook.png
336 KB
@@ -263,8 +263,14 @@ All your data remains accessible after the key rotation operation. Data always e
 
 The query language used in Log Analytics is expressive and can contain sensitive information in comments, or in the query syntax. Some organizations require that such information is kept protected under Customer-managed key policy and you need save your queries encrypted with your key. Azure Monitor enables you to store saved queries and log alerts encrypted with your key in your own Storage Account when linked to your workspace. 
 
+## Customer-managed key for Workbooks
+
+With the considerations mentioned for [Customer-managed key for saved queries and log alerts](#customer-managed-key-for-saved-queries-and-log-alerts), Azure Monitor enables you to store Workbook queries encrypted with your key in your own Storage Account, when selecting **Save content to an Azure Storage Account** in Workbook 'Save' operation.
+
+[ ![Screenshot of Workbook save.](media/customer-managed-keys/grant-key-vault-permissions-rbac-8bit.png) ](media/customer-managed-keys/grant-key-vault-permissions-rbac-8bit.png#lightbox)
+
 > [!NOTE]
-> Queries remain encrypted with Microsoft key ("MMK") in the following scenarios regardless Customer-managed key configuration: Workbooks in Azure Monitor, Azure dashboards, Azure Logic App, Azure Notebooks and Automation Runbooks.
+> Queries remain encrypted with Microsoft key ("MMK") in the following scenarios regardless Customer-managed key configuration: Azure dashboards, Azure Logic App, Azure Notebooks and Automation Runbooks.
 
 When linking your Storage Account for saved queries, the service stores saved-queries and log alerts queries in your Storage Account. Having control on your Storage Account [encryption-at-rest policy](../../storage/common/customer-managed-keys-overview.md), you can protect saved queries and log alerts with Customer-managed key. You will, however, be responsible for the costs associated with that Storage Account.