Azure Active Directory (AAD) only authentication methods improves security by ensuring that Synapse Workspaces exclusively require AAD identities for authentication. Learn more at: https://aka.ms/Synapse.
The following 1 compliance controls are associated with this Policy definition 'Synapse Workspaces should use only Azure Active Directory identities for authentication' (2158ddbe-fefa-408e-b43f-d4faef8ff3b8)
To complement access controls, data at rest should be protected against 'out of band' attacks (such as accessing underlying storage) using encryption. This helps ensure that attackers cannot easily read or modify the data.
Many Azure services have data at rest encryption enabled by default at the infrastructure layer using a service-managed key.
Where technically feasible and not enabled by default, you can enable data at rest encryption in the Azure services, or in your VMs for storage level, file level, or database level encryption.
**Implementation and additional context:**
Understand encryption at rest in Azure: https://docs.microsoft.com/azure/security/fundamentals/encryption-atrest#encryption-at-rest-in-microsoft-cloud-services
Data at rest double encryption in Azure: https://docs.microsoft.com/azure/security/fundamentals/encryption-models
Encryption model and key management table: