Hello @Mani ,
Welcome to the Microsoft Q&A forum.
In your architecture, where you are using Azure Data Factory with a Self-hosted Integration Runtime on a Windows virtual machine in Azure to connect to an on-premises data store via Azure ExpressRoute, Azure Data Factory does create encrypted database connections.
According to the security considerations for data movement in Azure Data Factory, the service ensures that all data movement is secure. Specifically, Azure Data Factory, including the Azure Integration Runtime and Self-hosted Integration Runtime, does not store any temporary data, cache data, or logs except for linked service credentials for cloud data stores, which are encrypted using certificates
If the cloud data store supports HTTPS or TLS, all data transfers between data movement services in Data Factory and a cloud data store are via secure channel HTTPS or TLS.
Therefore, if your on-premises data store secures data movement using TLS or HTTPS, then encryption applies to both data in transit and credentials, ensuring the security of your data.
You can see the below Microsoft document.
https://learn.microsoft.com/en-us/azure/data-factory/data-movement-security-considerations
I hope this helps.
If this answers your question, please consider accepting the answer by hitting the Accept answer and up-vote as it helps the community look for answers to similar questions.