Today, we are excited to announce the preview of Storage Service Encryption (SSE) for Azure File Storage. When you enable Storage Service Encryption for Azure File Storage your data is automatically encrypted for you.
Azure File Storage is a fully managed service providing distributed and cross platform storage. IT organizations can lift and shift their on premises file shares to the cloud using Azure Files, by simply pointing the applications to Azure file share path. Thus, enterprises can start leveraging cloud without having to incur development costs to adopt cloud storage. Azure Files now offers encryption of data at rest capability.
Microsoft handles all the encryption, decryption and key management in a fully transparent fashion. All data is encrypted using 256-bit AES encryption, also known as AES-256, one of the strongest block ciphers available. Customers can enable this feature on all available redundancy types of Azure File Storage – LRS and GRS.
During preview, the feature can only be enabled for newly created Azure Resource Manager (ARM) Storage accounts.
You can enable this feature on Azure Resource Manager storage account using the Azure Portal. We plan to have the Azure Powershell, Azure CLI or the Microsoft Azure Storage Resource Provider API for enabling encryption for file storage by end of February. There is no additional charge for enabling this feature.
Find out more about Storage Service Encryption. You can also reach out to ssediscussions@microsoft.com for additional questions on the preview.