diff --git a/exports.js b/exports.js
index dcbf2a3dbb..50a7e9f116 100644
--- a/exports.js
+++ b/exports.js
@@ -1217,6 +1217,7 @@ module.exports = {
         'workspaceManagedIdentity'      : require(__dirname + '/plugins/azure/synapse/workspaceManagedIdentity.js'),
         'synapseWorkspaceAdAuthEnabled' : require(__dirname + '/plugins/azure/synapse/synapseWorkspaceAdAuthEnabled.js'),
         'synapseWorkspacPrivateEndpoint': require(__dirname + '/plugins/azure/synapse/synapseWorkspacPrivateEndpoint.js'),
+        'workspaceDoubleEncryption'     : require(__dirname + '/plugins/azure/synapse/workspaceDoubleEncryption.js'),
 
         'apiInstanceManagedIdentity'    : require(__dirname + '/plugins/azure/apiManagement/apiInstanceManagedIdentity.js'),
         'apiInstanceHasTags'            : require(__dirname + '/plugins/azure/apiManagement/apiInstanceHasTags.js'),
diff --git a/plugins/azure/synapse/workspaceDoubleEncryption.js b/plugins/azure/synapse/workspaceDoubleEncryption.js
new file mode 100644
index 0000000000..252a16321f
--- /dev/null
+++ b/plugins/azure/synapse/workspaceDoubleEncryption.js
@@ -0,0 +1,56 @@
+var async = require('async');
+var helpers = require('../../../helpers/azure');
+
+module.exports = {
+    title: 'Synapse Workspace Double Encryption Enabled',
+    category: 'AI & ML',
+    domain: 'Machine Learning',
+    severity: 'High',
+    description: 'Ensures that Azure Synapse workspace has double Encryption enabled.',
+    more_info: 'Enabling double encryption for Synapse workspace provides an extra layer of protection for data at rest and in transit. This feature significantly enhances security and helps ensure compliance with stringent data protection standards within the Azure environment.',
+    recommended_action: 'Create a new Synapse workspace and enable double encryption using CMK.',
+    link: 'https://learn.microsoft.com/en-us/azure/synapse-analytics/security/workspaces-encryption',
+    apis: ['synapse:listWorkspaces'],
+    realtime_triggers: ['microsoftsynapse:workspaces:write','microsoftsynapse:workspaces:delete'],
+
+    run: function(cache, settings, callback) {
+        const results = [];
+        const source = {};
+        const locations = helpers.locations(settings.govcloud);
+
+        async.each(locations.synapse, function(location, rcb) {
+            const workspaces = helpers.addSource(cache, source,
+                ['synapse', 'listWorkspaces', location]);
+
+            if (!workspaces) return rcb();
+
+
+            if (workspaces.err || !workspaces.data) {
+                helpers.addResult(results, 3, 'Unable to query Synapse workspaces: ' + helpers.addError(workspaces), location);
+                return rcb();
+            }
+
+            if (!workspaces.data.length) {
+                helpers.addResult(results, 0, 'No existing Synapse workspaces found', location);
+                return rcb();
+            }
+
+            for (let workspace of workspaces.data) {
+                if (!workspace.id) continue;
+                
+                if (workspace.encryption && 
+                    workspace.encryption.doubleEncryptionEnabled &&
+                    Object.entries(workspace.encryption.cmk).length > 0) {
+                    helpers.addResult(results, 0, 'Synapse workspace has double encryption enabled', location, workspace.id);
+                } else {
+                    helpers.addResult(results, 2, 'Synapse workspace does not have double encryption enabled', location, workspace.id);
+                }
+            }
+
+            rcb();
+        }, function() {
+            // Global checking goes here
+            callback(null, results, source);
+        });
+    }
+};
\ No newline at end of file
diff --git a/plugins/azure/synapse/workspaceDoubleEncryption.spec.js b/plugins/azure/synapse/workspaceDoubleEncryption.spec.js
new file mode 100644
index 0000000000..54f0b00f88
--- /dev/null
+++ b/plugins/azure/synapse/workspaceDoubleEncryption.spec.js
@@ -0,0 +1,96 @@
+var expect = require('chai').expect;
+var workspaceDoubleEncryption = require('./workspaceDoubleEncryption');
+
+const workspaces = [
+    {
+        type: "Microsoft.Synapse/workspaces",
+        id: "/subscriptions/123/resourceGroups/rsgrp/providers/Microsoft.Synapse/workspaces/test",
+        location: "eastus",
+        name: "test",
+        encryption: {
+            doubleEncryptionEnabled: false
+        }
+    },
+    {
+        type: "Microsoft.Synapse/workspaces",
+        id: "/subscriptions/123/resourceGroups/rsgrp/providers/Microsoft.Synapse/workspaces/test",
+        location: "eastus",
+        name: "test",
+        encryption: {
+            cmk: {
+                kekIdentity: {
+                    useSystemAssignedIdentity: true,
+                },
+                key: {
+                    name: "default",
+                    keyVaultUrl: "https://test-key-0011.vault.azure.net/keys/test-key",
+                },
+            },
+            doubleEncryptionEnabled: true,
+        } 
+    },
+];
+
+
+const createCache = (workspaces, err) => {
+
+    return {
+        synapse: {
+            listWorkspaces: {
+                'eastus': {
+                    data: workspaces,
+                    err: err
+                }
+            }
+        }
+    };
+};
+
+describe('workspaceDoubleEncryption', function () {
+    describe('run', function () {
+
+        it('should give a passing result if no Synapse workspaces are found', function (done) {
+            const cache = createCache([], null);
+            workspaceDoubleEncryption.run(cache, {}, (err, results) => {
+                expect(results.length).to.equal(1);
+                expect(results[0].status).to.equal(0);
+                expect(results[0].message).to.include('No existing Synapse workspaces found');
+                expect(results[0].region).to.equal('eastus');
+                done();
+            });
+        });
+
+        it('should give unknown result if unable to query for Synapse workspaces', function (done) {
+            const cache = createCache(null, ['error']);
+            workspaceDoubleEncryption.run(cache, {}, (err, results) => {
+                expect(results.length).to.equal(1);
+                expect(results[0].status).to.equal(3);
+                expect(results[0].message).to.include('Unable to query Synapse workspaces');
+                expect(results[0].region).to.equal('eastus');
+                done();
+            });
+        });
+
+        it('should give passing result if workspace has double encryption enabled', function (done) {
+            const cache = createCache([workspaces[1]], null);
+            workspaceDoubleEncryption.run(cache, {}, (err, results) => {
+                expect(results.length).to.equal(1);
+                expect(results[0].status).to.equal(0);
+                expect(results[0].message).to.include('Synapse workspace has double encryption enabled');
+                expect(results[0].region).to.equal('eastus');
+                done();
+            });
+        });
+
+        it('should give failing result if workspace does not have double encryption enabled', function (done) {
+            const cache = createCache([workspaces[0]], null);
+            workspaceDoubleEncryption.run(cache, {}, (err, results) => {
+                expect(results.length).to.equal(1);
+                expect(results[0].status).to.equal(2);
+                expect(results[0].message).to.include('Synapse workspace does not have double encryption enabled');
+                expect(results[0].region).to.equal('eastus');
+                done();
+            });
+        });
+    });
+});
\ No newline at end of file