Newly created Azure SQL databases will be encrypted at rest by default
Posted on 02 May 2017
Starting today, we will encrypt all new Azure SQL databases with transparent data encryption by default, to make it easier for everyone to benefit from encryption at rest.
The change in default will happen gradually by region. Anyone who wants to leave specific databases unencrypted can still do so by turning off transparent data encryption after the database has been provisioned. This change in default doesn't affect existing databases and databases created through restore, geo-replication, and database copy.
Transparent data encryption in Azure SQL Database has been generally available for two years. Since then, it has been widely adopted by the SQL database community because of the encryption-at-rest protection that it provides against unauthorized access to the database storage (data files, log files, and backups), because of its transparent nature (no application changes needed), and because of its low impact on workload performance.
To learn more about transparent data encryption, see:
To learn more about other ways you can increase the security of your SQL databases, see Securing your SQL database.