Transparent Data Encryption with customer-managed keys for SQL Database Hyperscale
Published date: 09 December, 2020
Transparent data encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Synapse SQL in Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest.
For the Hyperscale service tier in Azure SQL Database, TDE with bring your own key (BYOK) support is now in general availability. TDE with BYOK improves on service-managed keys by giving you full and granular control over usage and management of the key used for encryption of the Database Encryption Key (DEK), also known as TDE protector. The Azure Key Vault feature, along with providing a higher level of security assurance for government and financial customers via optional FIPS 140-2 Level 2 and Level 3 validated hardware security modules.