Custom encryption with customer owned keys now generally available

Richa Misra

In our previous Ignite post, we introduced a brand-new security capability to ensure additional data security measures for your Microsoft 365 datasets. With this new feature, customers can ensure that their selected datasets are delivered to their destination storage account encrypted. But that’s not all – once the data is delivered, customers also receive an encrypted symmetric key with steps for decryption. This ensures that only the correct stakeholders within their tenant can access the data.

To get started, enable the “encryption” property during app registration or update your current app settings (see images below). Ensure your Azure Key Vault is set up correctly to host public keys (RSA 2048 and AES 256 keys) and link it to your Microsoft Graph Data Connect app. Once your Microsoft 365 tenant admin approves your app, your requested datasets will be delivered encrypted to your storage account!

Please Note: This capability is only available for users using Copy Activity with Azure Data Factory or Azure Synapse and are on the simplified onboarding experience.

Enable the “encryption” property during app registration:

Add an application for Microsoft Graph Data Connect


Update “encryption” properties for your current app settings:

Update encryption settings




Discussion is closed.

Feedback usabilla icon