Azure server-side encryption with customer-managed keys now available for Azure Ultra Disks
Published date: May 27, 2020
Azure Ultra Disk customers already benefit from server-side encription (SSE) with platform-managed keys for Azure Managed Disks enabled by default. SSE with customer-managed keys (CMK) improves on platform-managed keys by giving you control of the encryption keys to meet your compliance needs.
SSE with CMK is integrated with Azure Key Vault, which provides highly available and scalable secure storage for your keys backed by hardware security modules (HSM). You can either bring your own keys (BYOK) to your key vault or generate new keys in the Key Vault.