Customer-managed keys for Fabric workspaces (Generally Available)
Protect your data at rest with keys you own and control
By default, Fabric encrypts all data at rest using Microsoft-managed keys and secures data in transit with TLS 1.2 or higher. Customer-managed keys (CMK), which you create, own, and maintain in your Azure Key Vault (AKV), offer enhanced control over your encryption strategy. With CMK, you oversee the lifecycle, access, and use of your keys, providing an added layer of security beyond what Microsoft-managed encryption offers. This is especially beneficial for organizations that have strict compliance, governance, or advanced security requirements. You can rotate keys and revoke key access at any time to protect sensitive information within your organization.
What’s new?
Customer managed keys were launched in preview, offering workspace administrators the ability to use keys in Azure Key Vault and Managed HSM, to protect data in certain Fabric items. Now, we are extending the encryption support to more Fabric workloads. You can now create Fabric Warehouses, Notebooks and utilize the SQL Analytics Endpoint in workspaces enabled with encryption using your keys. The changes are rolling out and should be available in all regions over the next few days.
We are actively working on bringing you additional functionality including API support, ability to use Key Vaults behind a firewall and support for even more Fabric items. To learn more, refer to the customer-managed keys documentation and Warehouse’s CMK launch blog.
Getting started with CMK for your Fabric workspace
Workspace admins can use the Fabric portal to navigate to workspace settings and set up encryption using customer managed keys. Refer to the encryption documentation for a step-by-step guide.
Your feedback is essential! Let us know how we can make Fabric even more secure and flexible for your workloads by sharing your feedback at Fabric Ideas – Microsoft Fabric Community
