Today, we are excited to announce the general availability of Storage Service Encryption for Azure Files Storage.
Azure File Storage is a fully managed service providing distributed and cross platform storage. IT organizations can lift and shift on premises file shares to the cloud using Azure Files, by simply pointing the applications to Azure file share path. Thus, enterprises can start leveraging cloud without having to incur development costs to adopt cloud storage. Azure Files Storage is now the first fully managed file service offering encryption of data at rest.
This capability is one of the features most requested by enterprise customers looking to protect sensitive data as part of their regulatory or compliance needs (HIPAA and BAA compliant). Azure customers already benefit from Storage Service Encryption for Azure Blob Storage. Encryption support for Azure Tables and Queues will be coming by June.
Microsoft handles all the encryption, decryption and key management in a fully transparent fashion. All data is encrypted using 256-bit AES encryption, also known as AES-256, one of the strongest block ciphers available. Customers can enable this feature on all available redundancy types of Azure File Storage – LRS and GRS. There is no additional charge for enabling this feature.
You can enable this feature on any Azure Resource Manager storage account using the Azure Portal, Azure Powershell, Azure CLI or the Microsoft Azure Storage Resource Provider API.
Find out more about Storage Service Encryption with Service Managed Keys.