Encryption with customer-managed keys (CMK) for Azure NetApp Files volumes allows you to bring your own key (BYOK) for data encryption at rest. You can use this feature to implement separation of duties for managing keys and data. Additionally, you can centrally manage and organize keys using Azure Key Vault. With customer-managed encryption, you are in full control of, and responsible for, a key’s lifecycle, key usage permissions, and auditing operations on keys. This feature is now in public preview.
Note that only new volumes are supported, migration from existing volumes is not supported. Only new volumes created with standard network features are supported at this time.
Currently this feature is available in West Europe, East US 2, East Asiaregions and will roll out to other SNF-regions as the preview progresses.
Additional resources:
What’s new in Azure NetApp Files
Configure customer-managed keys for Azure NetApp Files volume encryption