Status: IN
Azure enforces protection through two orthogonal planes that must be independently configured: the access plane (identity-rooted default-deny across network and governance layers) prevents unauthorized data access, while the data plane (dual-layer FIPS-tiered encryption at rest plus universal TLS 1.2 in transit) ensures data remains protected even if access controls are compromised — neither plane compensates for gaps in the other.