{"id":3119,"date":"2018-01-24T00:00:00","date_gmt":"2018-01-24T00:00:00","guid":{"rendered":"https:\/\/azure.microsoft.com\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control"},"modified":"2025-06-27T08:06:19","modified_gmt":"2025-06-27T15:06:19","slug":"azure-search-enterprise-security-data-encryption-and-user-identity-access-control","status":"publish","type":"post","link":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/","title":{"rendered":"Azure Search enterprise security: Data encryption and user-identity access control"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Enterprise security requires a comprehensive approach for defense in depth. Effective immediately, Azure Search now supports encryption at rest for all incoming data indexed on or after January 24, 2018, in all regions and SKUs including shared (free) services. With this announcement, encryption now extends throughout the entire indexing pipeline \u2013 from connection, through transmission, and down to indexed data stored in Azure Search.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">At query time, you can implement user-identity access controls that trim search results of documents that the requestor is not authorized to see. Enhancements to filters enable integration with <a href=\"https:\/\/docs.microsoft.com\/azure\/search\/search-security-trimming-for-azure-search\">third-party authentication providers<\/a>, as well as <a href=\"https:\/\/docs.microsoft.com\/azure\/search\/search-security-trimming-for-azure-search-with-aad\">integration with Azure Active Directory<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"encryption-at-rest-on-by-default\">Encryption at rest, on by default<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">All indexing includes encryption on the backend automatically with no measurable impact on indexing workloads or size. This applies to newly indexed documents only. For existing content, you have to re-index to gain encryption. Encryption status of any given index is not visible in the portal, nor available through the API. However, if you indexed after January 24, 2018, data is already encrypted.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"managed-by-microsoft\">Managed by Microsoft<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In the context of Azure Search, all aspects of encryption, decryption, and key management are internal. You cannot turn it on or off, manage or substitute your own keys, or view encryption settings in the portal or programmatically. Internally, encryption is based on <a href=\"https:\/\/docs.microsoft.com\/azure\/storage\/common\/storage-service-encryption\">Azure Storage Service Encryption<\/a>, using 256-bit <a href=\"https:\/\/en.wikipedia.org\/wiki\/Advanced_Encryption_Standard\">AES encryption<\/a>, one of the strongest block ciphers available.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Effective immediately, Azure Search now supports encryption at rest for all incoming data indexed on or after January 24, 2018\u2026.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","footnotes":"","msx_community_cta_settings":[]},"categories":[1454],"tags":[],"audience":[3057,3055,3056],"content-type":[1465],"product":[2757],"tech-community":[],"topic":[],"coauthors":[488],"class_list":["post-3119","post","type-post","status-publish","format-standard","hentry","category-ai-machine-learning","audience-data-professionals","audience-developers","audience-it-implementors","content-type-announcements","product-azure-ai-search","review-flag-free-1680286579-836"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Azure Search enterprise security: Data encryption and user-identity access control | Microsoft Azure Blog<\/title>\n<meta name=\"description\" content=\"Effective immediately, Azure Search now supports encryption at rest for all incoming data indexed on or after January 24, 2018\u2026\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Azure Search enterprise security: Data encryption and user-identity access control | Microsoft Azure Blog\" \/>\n<meta property=\"og:description\" content=\"Effective immediately, Azure Search now supports encryption at rest for all incoming data indexed on or after January 24, 2018\u2026\" \/>\n<meta property=\"og:url\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Azure Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/microsoftazure\" \/>\n<meta property=\"article:published_time\" content=\"2018-01-24T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-27T15:06:19+00:00\" \/>\n<meta name=\"author\" content=\"Liam Cavanagh\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@azure\" \/>\n<meta name=\"twitter:site\" content=\"@azure\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Liam Cavanagh\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/\"},\"author\":[{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/liam-cavanagh\/\",\"@type\":\"Person\",\"@name\":\"Liam Cavanagh\"}],\"headline\":\"Azure Search enterprise security: Data encryption and user-identity access control\",\"datePublished\":\"2018-01-24T00:00:00+00:00\",\"dateModified\":\"2025-06-27T15:06:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/\"},\"wordCount\":239,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\"},\"articleSection\":[\"AI + machine learning\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/\",\"name\":\"Azure Search enterprise security: Data encryption and user-identity access control | Microsoft Azure Blog\",\"isPartOf\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#website\"},\"datePublished\":\"2018-01-24T00:00:00+00:00\",\"dateModified\":\"2025-06-27T15:06:19+00:00\",\"description\":\"Effective immediately, Azure Search now supports encryption at rest for all incoming data indexed on or after January 24, 2018\u2026\",\"breadcrumb\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog home\",\"item\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AI + machine learning\",\"item\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/ai-machine-learning\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Azure Search enterprise security: Data encryption and user-identity access control\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#website\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\",\"name\":\"Microsoft Azure Blog\",\"description\":\"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.\",\"publisher\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\",\"name\":\"Microsoft Azure Blog\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp\",\"contentUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Azure Blog\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/microsoftazure\",\"https:\/\/x.com\/azure\",\"https:\/\/www.instagram.com\/microsoftdeveloper\/\",\"https:\/\/www.linkedin.com\/company\/16188386\",\"https:\/\/www.youtube.com\/user\/windowsazure\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/c702e5edd662b328b49b7e1180cab117\",\"name\":\"shakir\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g7664e653ea371ce16eaf75e9fa8952c4\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g\",\"caption\":\"shakir\"},\"sameAs\":[\"https:\/\/azure.microsoft.com\"],\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/shakir\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Azure Search enterprise security: Data encryption and user-identity access control | Microsoft Azure Blog","description":"Effective immediately, Azure Search now supports encryption at rest for all incoming data indexed on or after January 24, 2018\u2026","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/","og_locale":"en_US","og_type":"article","og_title":"Azure Search enterprise security: Data encryption and user-identity access control | Microsoft Azure Blog","og_description":"Effective immediately, Azure Search now supports encryption at rest for all incoming data indexed on or after January 24, 2018\u2026","og_url":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/","og_site_name":"Microsoft Azure Blog","article_publisher":"https:\/\/www.facebook.com\/microsoftazure","article_published_time":"2018-01-24T00:00:00+00:00","article_modified_time":"2025-06-27T15:06:19+00:00","author":"Liam Cavanagh","twitter_card":"summary_large_image","twitter_creator":"@azure","twitter_site":"@azure","twitter_misc":{"Written by":"Liam Cavanagh","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/#article","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/"},"author":[{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/liam-cavanagh\/","@type":"Person","@name":"Liam Cavanagh"}],"headline":"Azure Search enterprise security: Data encryption and user-identity access control","datePublished":"2018-01-24T00:00:00+00:00","dateModified":"2025-06-27T15:06:19+00:00","mainEntityOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/"},"wordCount":239,"commentCount":0,"publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"articleSection":["AI + machine learning"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/","name":"Azure Search enterprise security: Data encryption and user-identity access control | Microsoft Azure Blog","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website"},"datePublished":"2018-01-24T00:00:00+00:00","dateModified":"2025-06-27T15:06:19+00:00","description":"Effective immediately, Azure Search now supports encryption at rest for all incoming data indexed on or after January 24, 2018\u2026","breadcrumb":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-search-enterprise-security-data-encryption-and-user-identity-access-control\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog home","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/"},{"@type":"ListItem","position":2,"name":"AI + machine learning","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/ai-machine-learning\/"},{"@type":"ListItem","position":3,"name":"Azure Search enterprise security: Data encryption and user-identity access control"}]},{"@type":"WebSite","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","name":"Microsoft Azure Blog","description":"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.","publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization","name":"Microsoft Azure Blog","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","width":512,"height":512,"caption":"Microsoft Azure Blog"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/microsoftazure","https:\/\/x.com\/azure","https:\/\/www.instagram.com\/microsoftdeveloper\/","https:\/\/www.linkedin.com\/company\/16188386","https:\/\/www.youtube.com\/user\/windowsazure"]},{"@type":"Person","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/c702e5edd662b328b49b7e1180cab117","name":"shakir","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g7664e653ea371ce16eaf75e9fa8952c4","url":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g","caption":"shakir"},"sameAs":["https:\/\/azure.microsoft.com"],"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/shakir\/"}]}},"msxcm_display_generated_audio":false,"msxcm_animated_featured_image":null,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Azure Blog","distributor_original_site_url":"https:\/\/azure.microsoft.com\/en-us\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/3119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/comments?post=3119"}],"version-history":[{"count":1,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/3119\/revisions"}],"predecessor-version":[{"id":44076,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/3119\/revisions\/44076"}],"wp:attachment":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/media?parent=3119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/categories?post=3119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tags?post=3119"},{"taxonomy":"audience","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/audience?post=3119"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/content-type?post=3119"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/product?post=3119"},{"taxonomy":"tech-community","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tech-community?post=3119"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/topic?post=3119"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/coauthors?post=3119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}