Which Azure feature protects data in transit?

The choice of encryption as the feature that protects data in transit is correct because encryption specifically refers to the process of encoding information in such a way that only authorized parties can access it. In the context of data transmitted over networks, encryption secures that data against unauthorized access or interception, ensuring that it remains confidential and unaltered during transit.

When data is encrypted while in transit, even if it is intercepted, the attackers would be unable to make sense of the data without the correct decryption keys. This is crucial for maintaining the integrity and privacy of sensitive information as it moves across potentially insecure networks.

Furthermore, while Azure Bastion and Network Security Groups contribute to network security and can help enhance the overall security posture, they do not directly encrypt data being transmitted. Azure AD, which is primarily used for identity and access management, also does not provide direct protection for data in transit. Thus, encryption stands out as the essential mechanism specifically designed for securing data while it is actively moving between systems.