Customer-Managed Keys for Microsoft Fabric Workspaces Now Generally Available
Microsoft Fabric Blog announces the general availability of customer-managed keys for Fabric workspaces, giving administrators enhanced encryption control. This update allows organizations to secure their data at rest using Azure Key Vault keys, addressing compliance and security needs.
Customer-Managed Keys for Microsoft Fabric Workspaces Now Generally Available
Protecting sensitive data is crucial, especially for organizations with strict compliance and advanced security needs. Microsoft Fabric now supports customer-managed keys (CMK) for workspaces, allowing you to protect data at rest with encryption keys that you create, own, and maintain in your Azure Key Vault (AKV).
Enhanced Data Protection and Control
- Default Fabric encryption: All data at rest is encrypted by default using Microsoft-managed keys. Data in transit is protected by TLS 1.2 or higher.
- Customer-managed keys (CMK): Administrators can now use their own keys stored in Azure Key Vault or Managed HSM to control encryption, enabling the ability to:
- Oversee the lifecycle, access, and utilization of encryption keys
- Rotate and revoke key access to meet compliance or governance requirements
- Add another layer of security beyond Microsoft’s standard encryption
This capability is particularly relevant for industries handling sensitive data or requiring strong data governance.
What’s New in GA
- CMK support has expanded from preview to general availability.
- Encryption support now includes Fabric Warehouses, Notebooks, and the SQL Analytics Endpoint in CMK-enabled workspaces.
- Ongoing work aims to introduce API support, Key Vaults behind firewalls, and additional Fabric item coverage.
For more information, see the customer-managed keys documentation and the Warehouse’s CMK launch blog.
How to Get Started
Workspace administrators can set up CMK in the Fabric portal:
- Navigate to Workspace Settings.
- Enable encryption using your customer-managed key stored in Azure Key Vault.
- Follow the step-by-step process described in the encryption documentation.
Feedback and Community
Microsoft welcomes feedback on security and flexibility features. You can share suggestions on the Fabric Ideas – Microsoft Fabric Community.
References:
- Customer-managed keys documentation
- Warehouse’s CMK launch blog
- Fabric Ideas – Microsoft Fabric Community
This post appeared first on “Microsoft Fabric Blog”. Read the entire article here