Newly created Azure SQL databases will be encrypted at rest by default

02 May 2017

Starting today, we will encrypt all new Azure SQL databases with transparent data encryption by default, to make it easier for everyone to benefit from encryption at rest.

The change in default will happen gradually by region. Anyone who wants to leave specific databases unencrypted can still do so by turning off transparent data encryption after the database has been provisioned. This change in default doesn't affect existing databases and databases created through restore, geo-replication, and database copy.

Transparent data encryption in Azure SQL Database has been generally available for two years. Since then, it has been widely adopted by the SQL database community because of the encryption-at-rest protection that it provides against unauthorized access to the database storage (data files, log files, and backups), because of its transparent nature (no application changes needed), and because of its low impact on workload performance.

To learn more about transparent data encryption, see:

To learn more about other ways you can increase the security of your SQL databases, see Securing your SQL database.

Free account

Learn and build with $200 in credit, and keep going for free

Start for free

Visual Studio

Subscribers get up to $1800 per year of Azure services

Activate now

Start-ups

Join the BizSpark programme and get free Azure services

Learn more