| title | description | ms.reviewer | ms.topic | ms.date |
|---|---|---|---|---|
Enable cluster disk encryption in Azure Data Explorer |
This article describes how to secure your cluster using disk encryption in Azure Data Explorer within the Azure portal. |
gabil |
how-to |
04/12/2022 |
Your cluster security settings allow you to enable disk encryption on your cluster. Enabling encryption at rest on your cluster provides data protection for stored data. The disk encryption is implemented using either Azure Disk Encryption or encryption at host depending on the SKU of the cluster. The data is encrypted at rest using Microsoft-managed keys.
Note
- Enabling disk encryption can take up to 20 minutes during which the cluster will be unavailable.
- Legacy virtual machine (VM) sizes such as the Dv2 family are not supported. For more information, see Finding supported VM sizes.
-
In the Azure portal, go to your Azure Data Explorer cluster resource. Under the Settings heading, select Security.
:::image type="content" source="media/manage-cluster-security/security-encryption-at-rest.png" alt-text="Screenshot of security page, showing disk encryption at rest being turned on.":::
-
In the Security window, select On for the Disk encryption security setting.
-
Select Save.
Note
Select Off to disable the encryption after it has been enabled.
The following considerations apply to encryption using Azure Disk Encryption:
- Performance impact of up to a single digit
- Can't be used with sandboxes