0

In Azure we have "SQL Database" and "SQL Server" - within SQL Database there is a toggle which states it will enable or disable transparent data encryption, first screenshot.

SQL Database TDE

So an internal audit has flagged this as a risk, but the DB guys refer to the fact the CMK is enabled at "SQL Server" level, second screenshot.

SQL Server TDE

Which has me pondering: is the setting at "SQL Database" level entirely irrelevant? What does it actually do?

asked Jan 27, 2023 at 11:26
1
  • 1
    They're the same setting. Azure SQL Database just manages it for you. Commented Jan 27, 2023 at 15:12

1 Answer

0

You can enable/disable TDE for each database in the database settings, but how the TDE keys are protected has to be set at the server level. Per Microsoft's documentation:

> For Azure SQL Database and Azure Synapse Analytics, the TDE protector is set at the server level and is inherited by all encrypted databases associated with that server.

Source: https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql

answered Feb 22, 2023 at 19:21
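For an audit, the two settings discussed above can be read together with the Azure CLI. This is an added example, not part of the original answer: it assumes a logged-in `az` session, the function names are hypothetical, and the resource group and server names are passed in as arguments.

```bash
#!/usr/bin/env bash
# Added example: report TDE posture per database by combining the
# database-level toggle with the server-level TDE protector.

# Classify one database.
#   $1 = database TDE state     (Enabled | Disabled)
#   $2 = server protector type  (ServiceManaged | AzureKeyVault)
classify_tde() {
  db_state=$1
  key_type=$2
  if [ "$db_state" != "Enabled" ]; then
    # The server-level protector is inherited only by encrypted databases,
    # so a CMK on the server does not cover a database with TDE switched off.
    echo "NOT ENCRYPTED (server protector '$key_type' not in use for this database)"
  elif [ "$key_type" = "AzureKeyVault" ]; then
    echo "ENCRYPTED (customer-managed key in Key Vault)"
  elif [ "$key_type" = "ServiceManaged" ]; then
    echo "ENCRYPTED (service-managed key)"
  else
    echo "ENCRYPTED (unrecognised protector type '$key_type')"
  fi
}

# Query Azure and print one tab-separated line per user database.
#   $1 = resource group, $2 = logical server name
audit_server() {
  rg=$1
  server=$2
  key_type=$(az sql server tde-key show --resource-group "$rg" \
               --server "$server" --query serverKeyType -o tsv) || return 1
  az sql db list --resource-group "$rg" --server "$server" \
       --query "[].name" -o tsv |
  while read -r db; do
    # TDE cannot be applied to the master database in Azure SQL Database.
    [ "$db" = "master" ] && continue
    # Assumption: the CLI output exposes the toggle as "state"
    # (older CLI versions may name this property "status").
    state=$(az sql db tde show --resource-group "$rg" --server "$server" \
              --database "$db" --query state -o tsv)
    printf '%s\t%s\n' "$db" "$(classify_tde "$state" "$key_type")"
  done
}

# Run only when called as: script.sh <resource-group> <server>
if [ "$#" -eq 2 ]; then
  audit_server "$1" "$2"
fi
```
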
