Enable double encryption for your cluster in Azure Data Explorer

When you create a cluster, data is automatically encrypted at the service level. For greater data security, you can additionally enable double encryption.

When double encryption is enabled, data in the storage account is encrypted twice, using two different algorithms.


  • Enabling double encryption is only possible during cluster creation.
  • Once infrastructure encryption is enabled on your cluster, you can't disable it.

For code samples based on previous SDK versions, see the archived article.

  1. Create an Azure Data Explorer cluster

  2. In the Security tab > Enable Double Encryption, select On. To remove the double encryption, select Off.

  3. Select Next:Network> or Review + create to create the cluster.

    Screenshot of security tab, showing double encryption being enabled on a new cluster.


The following limitations apply to the encryption of selected volumes:

  • Performance impact of up to a single digit
  • Can't be used with sandboxes