We are excited to announce the preview of Azure Storage Service Encryption for data at rest. This capability is one of the features most requested by enterprise customers looking to protect sensitive data as part of their regulatory or compliance needs.
Storage Service Encryption automatically encrypts your Azure Blob storage data prior to persisting to storage and decrypts prior to retrieval. The encryption, decryption and key management is transparent to users, requires no changes to your applications, and frees your engineering team from having to implement complex key management processes.
This capability is supported for all Azure Blob storage – Block blobs, Append blobs, and Page blobs – and is enabled through configuration on each storage account. This capability is available for storage accounts created through Azure Resource Manager (ARM). All data is encrypted using 256-bit AES encryption, also known as AES-256, one of the strongest block ciphers available. Customers can enable this feature on all available redundancy types of Azure Storage – LRS, ZRS, GRS and RA-GRS. Storage Service Encryption is also supported for both Standard and Premium Storage. There is no additional charge for enabling this feature.
As with most previews, this should not be used for production workloads until the feature becomes Generally Available.
To learn more please visit Storage Service Encryption.