Forum Discussion
Solved
Encryption of data at rest in Azure
Hello, While checking the Azure documentation on data encryption I read about tenant root keys (https://learn.microsoft.com/en-us/azure/information-protection/plan-implement-tenant-key#tenant-root-k...
- Hi!
Yes 🙂 Data at rest in Azure is typically encrypted with one layer of encryption, where the data encryption keys (DEKs) are managed by Azure and stored encrypted with the tenant root key. However, Double Key Encryption (DKE) provides an option for double encryption by allowing clients to encrypt the data with their own key before Azure adds another layer of encryption with the tenant root key.
Yes, your understanding is correct:
Azure Data Encryption-at-Rest - Azure Security | Microsoft Learn