Hello @Kashish
By default, the traffic between ADF and SHIR goes through TLS 1.2, and the on-premises-to-cloud data movement happens through TLS 1.2 encryption, but the encryption of the traffic between SHIR and your service depends on your service protocol (HTTPS, SFTP, etc.). The product guarantees that the communication between SHIR and the ADF service uses TLS 1.2.
You got the Private endpoints for both scenarios!
In this scenario, the TLS 1.2 certificate is typically managed by the components that terminate the TLS connection. This usually includes the Azure Firewall and the Private Endpoint.
All data transfers are via secure channel HTTPS and TLS over TCP to prevent man-in-the-middle attacks during communication with Azure services.
For more details, refer to Security considerations for data movement in Azure Data Factory.
For other components, such as on-premises infrastructure, the responsibility lies with the customer or the organization managing the network infrastructure.