Generally Available: Double encryption at-rest for Azure NetApp Files

Azure NetApp Files double encryption at-rest feature now provides multiple independent encryption layers, protecting against attacks to any single encryption layer.

Threats are diminished to the encrypted data, for example: 

• Single encryption key being compromised, 
• Encryption algorithms with implementation errors, 
• Data encryption configuration errors.

With this capability you can now optionally select double encryption when creating their Azure NetApp Files capacity pools.  Volumes can be created on these capacity pools and automatically are protected with double encryption without any additional steps. 

For customers that want/require management of their own encryption keys with double encryption, please see: configure customer-managed keys for Azure NetApp Files volume encryption. 

There is negligible performance impact when using FIPS-140 certified double encryption. This allows existing applications to utilize double encryption protection without sacrificing performance. 

This feature is generally available in these regions.

Learn more:

• What's new in Azure NetApp Files
• Learn more about double encryption at rest