Enable Transparent Data Encryption (TDE) for Stretch Database on Azure
Transparent Data Encryption (TDE) helps protect against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application.
TDE encrypts the storage of an entire database by using a symmetric key called the database encryption key. The database encryption key is protected by a built-in server certificate. The built-in server certificate is unique for each Azure server. Microsoft automatically rotates these certificates at least every 90 days. For a general description of TDE, see Transparent Data Encryption (TDE).
Enabling Encryption
To enable TDE for an Azure database that's storing the data migrated from a Stretch-enabled SQL Server database, do the following things:
- Open the database in the Azure portal
- In the database blade, click the Settings button
- Select the Transparent data encryption option
- Select the On setting, and then select Save
Disabling Encryption
To disable TDE for an Azure database that's storing the data migrated from a Stretch-enabled SQL Server database, do the following things:
- Open the database in the Azure portal
- In the database blade, click the Settings button
- Select the Transparent data encryption option
- Select the Off setting, and then select Save
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for