This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 12%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Hi,
I'm trying to research the security behind Azure Monitor, specifically Azure Log Analytics. I've read a few articles about Azure Monitor's security as well as Azure's encryption-at-rest document:
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/data-security
https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest
Two quotes that caught my attention in the second link:
"Organizations have the option of letting Azure completely manage Encryption at Rest."
"Microsoft is committed to encryption at rest options across cloud services and giving customers control of encryption keys and logs of key use. Additionally, Microsoft is working towards encrypting all customer data at rest by default."
Through my research, I've seen people comment that Microsoft has moved forward and has default levels of encryption at rest for all Microsoft services. Is this true, and where can I verify it?
I want the simplest way to verify or set up encryption at rest for Azure Monitor, specifically with respect to encryption at rest for the logs that I'm collecting with Azure. Any help or guidance is appreciated.
Thank you!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@Matthew Pointer The data stored in log analytics is encrypted at rest by default and you have an option to encrypt the data at rest using customer managed keys. For more information, kindly go through this document and revert if you have further questions.
@Matthew Pointer Checking if the provided document has answered your question. Kindly revert if you need further assistance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 48%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVD%3C/text%3E%3C/svg%3E)
I need the same confirmation;
Where in the documentation is it indicated data-at-rest is encrypted by default?
I cannot find anywhere in the documentation; The data stored in log analytics is encrypted by default.
Thanks,
Darren
@Valiquette, Darren Here are some reference documents providing the information of data-at-rest encryption.
