Service Bus Premium namespaces should use CMK for encryption
HIGH
Ensures Azure Service Bus Premium namespaces use customer-managed keys for encryption at rest.
What does this mean?
This recommendation ensures that Azure Service Bus Premium namespaces encrypt data at rest using customer-managed keys instead of platform-managed keys, providing full control over the encryption key lifecycle.
Benefits of implementation
- Full control over encryption keys for message data
- Meets regulatory requirements for customer-managed encryption
- Consistent key management across messaging services
Drawbacks and considerations
- Only available on Premium tier (additional cost)
- Requires Azure Key Vault infrastructure
- Key unavailability impacts Service Bus operations
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level
- HIGH
- Category
- Data Encryption
- Azure Resource
- Frameworks
- 1 frameworks
- Last updated
- 2026-02-12