Enable infrastructure encryption (double encryption) during cluster creation in Azure Data Explorer

When you create a cluster, its storage is automatically encrypted at the service level. If you require a higher level of assurance that your data is secure, you can also enable Azure Storage infrastructure level encryption, also known as double encryption. When infrastructure encryption is enabled, data in the storage account is encrypted twice, once at the service level and once at the infrastructure level, using two different encryption algorithms and two different keys. Double encryption of Azure Storage data protects against a scenario where one of the encryption algorithms or keys may be compromised. In this scenario, the additional layer of encryption continues to protect your data.

Important

  • Enabling double encryption is only possible during cluster creation.
  • Once infrastructure encryption is enabled on your cluster, you can't disable it.

  1. Create an Azure Data Explorer cluster.

  2. On the Security tab, under Enable Double Encryption, select On. To create the cluster without double encryption, select Off.

  3. Select Next: Network > or Review + create to create the cluster.
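Because the setting can only be chosen at creation time, it is worth checking before deployment when clusters are created from ARM templates instead of the portal. The following is an added example, not part of the original page: it flags `Microsoft.Kusto/clusters` resources whose `properties.enableDoubleEncryption` is not `true`. The sample template, resource names and API versions are constructed, and only literal values and simple `[parameters('...')]` defaults are resolved (a deploy-time parameter override is not visible to this check).

```python
import json
import re

KUSTO_TYPE = "microsoft.kusto/clusters"
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def resolve(value, parameters):
    """Resolve a literal, or a simple [parameters('x')] reference to its defaultValue."""
    if isinstance(value, str):
        m = PARAM_REF.match(value.strip())
        if m:
            return parameters.get(m.group(1), {}).get("defaultValue")
    return value

def clusters_without_double_encryption(template):
    """Return names of Kusto clusters that do not set
    properties.enableDoubleEncryption to true in the template."""
    parameters = template.get("parameters", {})
    flagged = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != KUSTO_TYPE:
            continue
        raw = res.get("properties", {}).get("enableDoubleEncryption")
        # Missing, false, or unresolvable values are all treated as "not enabled".
        if resolve(raw, parameters) is not True:
            flagged.append(res.get("name", "<unnamed>"))
    return flagged

# Constructed sample template (names and API versions are illustrative).
SAMPLE_TEMPLATE = json.loads("""
{
  "parameters": {"doubleEnc": {"type": "bool", "defaultValue": true}},
  "resources": [
    {"type": "Microsoft.Kusto/clusters", "apiVersion": "2022-12-29", "name": "adx-explicit",
     "properties": {"enableDoubleEncryption": true}},
    {"type": "Microsoft.Kusto/clusters", "apiVersion": "2022-12-29", "name": "adx-param",
     "properties": {"enableDoubleEncryption": "[parameters('doubleEnc')]"}},
    {"type": "Microsoft.Kusto/clusters", "apiVersion": "2022-12-29", "name": "adx-missing",
     "properties": {}},
    {"type": "Microsoft.Kusto/clusters", "apiVersion": "2022-12-29", "name": "adx-off",
     "properties": {"enableDoubleEncryption": false}},
    {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01", "name": "logs"}
  ]
}
""")

if __name__ == "__main__":
    for name in clusters_without_double_encryption(SAMPLE_TEMPLATE):
        print(f"{name}: double encryption not enabled; it cannot be turned on after creation")
```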

Next steps

Check cluster health