| title | description | services | documentationcenter | ms.assetid | ms.service | ms.workload | ms.tgt_pltfrm | ms.topic | ms.date | author | ms.author | ms.reviewer | manager | ms.custom |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Enable Transparent Data Encryption for Stretch Database |
Enable Transparent Data Encryption (TDE) for SQL Server Stretch Database on Azure |
sql-server-stretch-database |
a44ed8f5-b416-4c41-9b1e-b7271f10bdc3 |
sql-server-stretch-database |
data-management |
na |
article |
06/14/2016 |
blazem-msft |
blazem |
jroth |
jroth |
seo-lt-2019 |
[!div class="op_single_selector"]
Transparent Data Encryption (TDE) helps protect against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application.
TDE encrypts the storage of an entire database by using a symmetric key called the database encryption key. The database encryption key is protected by a built-in server certificate. The built-in server certificate is unique for each Azure server. Microsoft automatically rotates these certificates at least every 90 days. For a general description of TDE, see Transparent Data Encryption (TDE).
To enable TDE for an Azure database that's storing the data migrated from a Stretch-enabled SQL Server database, do the following things:
- Open the database in the Azure portal
- In the database blade, click the Settings button
- Select the Transparent data encryption option
- Select the On setting, and then select Save
To disable TDE for an Azure database that's storing the data migrated from a Stretch-enabled SQL Server database, do the following things:
- Open the database in the Azure portal
- In the database blade, click the Settings button
- Select the Transparent data encryption option
- Select the Off setting, and then select Save