Description

Data stored in your Azure Cosmos DB account is automatically and seamlessly encrypted with keys managed by Microsoft (service-managed keys). Optionally, you can decide to add a second layer of encryption with keys you manage (customer-managed keys or CMK).

• 

  Recommended Mitigation

  It's recommended to configure you Azure Cosmos DB to use customer-managed key as a second layer of security. Currently, customer-managed keys are available only for new Azure Cosmos DB accounts. You should configure them during account creation.