Public Preview: Azure NetApp Files volume encryption key transition

This feature allows customers to transition their existing volumes protected with platform-managed key (PMK) to a volume encrypted, using a customer-managed key (CMK) stored in Azure Key Vault. 

Customer-managed keys for Azure NetApp Files volume encryption (CMK) provides the key manageability for additional security. With this capability, you can increase security of your encryption keys by taking direct ownership of managing key rotation, access, permissions and auditing tasks. You can encrypt and decrypt your data stored in Azure NetApp Files using your own secured key for maximum control/management of key access. 

Key benefits: 

• Secure key management: The keys are generated and managed by the customer organization. This provides additional security layer by reducing the risk of unauthorized key access.
• Regulatory/compliance: Several entities have strict regulations for data protection. CMK helps comply with various requirements and provide ability to track key management for regulatory purposes. 
• Performance: There is no performance impact when using CMK.  It simply protects the account encryption key using the Azure Key Vault. 

This feature is available in preview in these regions, and we will be rolling out to other regions.

Additional Resources:

• Configure customer-managed keys for Azure NetApp Files volume encryption
• Transition existing volumes to customer-managed keys