Data Lake Security

Security aspects are supremely important when dealing with data. Azure Data Lake is a secure repository whose access is managed by Azure AD. Only users, groups, and service applications that are provisioned and enabled in Azure AD can access the Azure Data Lake store. Moreover, after authentication, the identity must also hold adequate permissions to perform activities on the Azure Data Lake store. Role-Based Access Control (RBAC) from Azure Resource Manager (ARM) enforces the permission checks and authorization for an identity. A further layer of authorization is available through Access Control Lists (ACLs), which grant read, write, and execute permissions on folders, sub-folders, and files.
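
The following is an added illustrative model, not Azure's code or anything from the original text: a simplified POSIX-style ACL evaluator showing why a file read needs execute on every folder above the file and how the mask caps named-user and group entries. The identities, group names, paths and permissions are all constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Set
# Constructed, simplified model of the POSIX-style ACL check Data Lake Store
# applies to every folder and file on a path; this is not Azure's implementation.
@dataclass
class Acl:
    owner: str                                   # owning user
    group: str                                   # owning group
    owner_perms: str = "rwx"
    group_perms: str = "r-x"
    other_perms: str = "---"
    named_users: Dict[str, str] = field(default_factory=dict)
    named_groups: Dict[str, str] = field(default_factory=dict)
    mask: str = "rwx"   # caps named users, owning group and named groups
def bits(p: str) -> Set[str]:
    return {c for c in p if c in "rwx"}
def effective(acl: Acl, user: str, groups: Set[str]) -> Set[str]:
    """Resolution order: owner, named user, matching group entries (union), other."""
    if user == acl.owner:
        return bits(acl.owner_perms)             # the owner entry is never masked
    if user in acl.named_users:
        return bits(acl.named_users[user]) & bits(acl.mask)
    perms, matched = set(), False
    if acl.group in groups:
        perms, matched = perms | bits(acl.group_perms), True
    for g, p in acl.named_groups.items():
        if g in groups:
            perms, matched = perms | bits(p), True
    if matched:                                  # a matching group entry is final
        return perms & bits(acl.mask)
    return bits(acl.other_perms)

def authorize(tree: Dict[str, Acl], user: str, groups: Set[str], path: str, need: str) -> bool:
    """Traversal needs 'x' on every folder above the target; the target needs `need`."""
    parts = [p for p in path.split("/") if p]
    folders = ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]
    if any("x" not in effective(tree[f], user, groups) for f in folders):
        return False
    return bits(need) <= effective(tree[path], user, groups)

ANALYST = "analyst@contoso.example"              # constructed identity
TREE = {                                         # constructed sample ACLs per path
    "/": Acl("admin", "dl-admins", other_perms="--x"),
    "/data": Acl("admin", "dl-admins", named_groups={"dl-analysts": "r-x"}),
    "/data/raw": Acl("etl-sp", "dl-admins"),     # analysts get no entry: other is ---
    "/data/raw/events.csv": Acl("etl-sp", "dl-admins", named_users={ANALYST: "r--"}),
    "/data/curated": Acl("admin", "dl-admins", named_groups={"dl-analysts": "r-x"}),
    "/data/curated/sales.csv": Acl("admin", "dl-admins", named_groups={"dl-analysts": "r--"}),
    "/data/curated/notes.txt": Acl("admin", "dl-admins", named_users={ANALYST: "rwx"}, mask="r-x"),
}
```

Calling `authorize(TREE, ANALYST, {"dl-analysts"}, "/data/raw/events.csv", "r")` returns False even though the file itself grants the analyst read, because /data/raw gives no execute; the same call on /data/curated/sales.csv returns True.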

Similar to Azure SQL, the Data Lake store can only be accessed from IP addresses that are explicitly allowed by whitelisting them in the Data Lake store configuration. Since Azure Data Lake is frequently accessed by services within Azure itself, additional configuration is available to grant those services access without knowing their IP addresses.

Data stored in the Azure Data Lake store can be encrypted. Data at rest can be kept in encrypted form, so that anyone who obtains the stored data without the key cannot read it. Similar to SQL Azure TDE, data in the Data Lake store can be encrypted before storing and decrypted after retrieval transparently, without the application being aware of it. It is good practice to keep data encrypted at rest. The encryption and decryption keys can be stored in Azure Key Vault.
