Forum Discussion
Solved
Encryption of data at rest in Azure
Hello, While checking the Azure documentation on data encryption I read about tenant root keys (https://learn.microsoft.com/en-us/azure/information-protection/plan-implement-tenant-key#tenant-root-k...
- Hi!
Yes 🙂 Data at rest in Azure is typically encrypted with one layer of encryption, where the data encryption keys (DEKs) are managed by Azure and stored encrypted with the tenant root key. However, Double Key Encryption (DKE) provides an option for double encryption by allowing clients to encrypt the data with their own key before Azure adds another layer of encryption with the tenant root key.
Hi!
Yes 🙂 Data at rest in Azure is typically encrypted with one layer of encryption, where the data encryption keys (DEKs) are managed by Azure and stored encrypted with the tenant root key. However, Double Key Encryption (DKE) provides an option for double encryption by allowing clients to encrypt the data with their own key before Azure adds another layer of encryption with the tenant root key.
Yes 🙂 Data at rest in Azure is typically encrypted with one layer of encryption, where the data encryption keys (DEKs) are managed by Azure and stored encrypted with the tenant root key. However, Double Key Encryption (DKE) provides an option for double encryption by allowing clients to encrypt the data with their own key before Azure adds another layer of encryption with the tenant root key.
- Hello,
Looking more into the Azure documentation, it seems there is infrastructure encryption (https://learn.microsoft.com/en-us/azure/security/fundamentals/double-encryption) that can apply the second layer of encryption. It can be activated for several services (e.g. Azure storage, Azure disk storage).
