encryption at lowest level RRS feed

  • Question

  • I understand encryption at rest as an option for example for Azure SQL, but what I would like find out is... is all data, no matter which Azure object it is related to, encrypted on persistent storage at the lowest HDD and SSD level ?  e.g. when MS have to replace a failed HDD or failed SSD, then is the data on that failed storage medium already encrypted ?  Thank you.
    Thursday, July 18, 2019 2:38 PM


All replies

  • Different Azure services may have different encryption-at-rest policies but for Azure storage in particular (since this is the azure storage forum), all data is encrypted at rest using an account specific key. There is also an option that you can configure for the data to be encrypted with a key provided by you.

    For more, please see here:

    Thursday, July 18, 2019 5:38 PM
  • @sdo123  Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Monday, July 22, 2019 3:14 AM
  • Thanks Adam.  Thanks Sumanth.  The posted link gave a comprehensive description.
    Monday, July 22, 2019 1:52 PM