Data protection

Azure Azure Cosmos DB Customer-Managed Keys encryption is disabled

Compliance Frameworks


Data stored in your Azure Cosmos DB account is automatically and seamlessly encrypted with keys managed by Microsoft (service-managed keys). Optionally, you can decide to add a second layer of encryption with keys you manage (customer-managed keys or CMK).
  • Recommended Mitigation

    It's recommended to configure you Azure Cosmos DB to use customer-managed key as a second layer of security. Currently, customer-managed keys are available only for new Azure Cosmos DB accounts. You should configure them during account creation.