{"id":17762,"date":"2020-08-25T12:22:41","date_gmt":"2020-08-25T12:22:41","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=17762"},"modified":"2022-04-05T11:30:33","modified_gmt":"2022-04-05T11:30:33","slug":"transparent-data-encryption-for-sql-database","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/transparent-data-encryption-for-sql-database\/","title":{"rendered":"Transparent Data Encryption for SQL Database"},"content":{"rendered":"\n<p>In this tutorial, we will learn how transparent data encryption (TDE) protects Azure SQL Database and Azure SQL Managed Instance.<\/p>\n\n\n\n<p>TDE encrypts and decrypts the database, backups, and transaction log files in the background without requiring changes to the application. TDE is enabled by default for all newly created SQL databases; however, it must be enabled explicitly for older Azure SQL Database and Azure SQL Managed Instance databases. Further:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>TDE performs real-time encryption and decryption of data at the page level. Each page is decrypted when it is read into memory.<\/li><li>Secondly, TDE encrypts the storage of an entire database with a symmetric key called the Database Encryption Key (DEK). When the database starts, the encrypted DEK is decrypted and then used by the SQL Server database engine process to decrypt and re-encrypt the database files.
<\/li><li>The DEK is protected by the TDE protector, which is either a service-managed certificate or an asymmetric key stored in Azure Key Vault.<\/li><li>Lastly, the TDE protector is configured at the server level for Azure SQL Database and Azure Synapse, and it is inherited by all databases associated with that server. The TDE protector is set at the instance level for Azure SQL Managed Instance, and all encrypted databases on that instance inherit it.<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Service-managed transparent data encryption<\/strong><\/h4>\n\n\n\n<p>In Azure, the default setting for TDE is that the DEK is protected by a built-in server certificate. The built-in server certificate is unique for each server, and the encryption algorithm used is AES 256. If a database is in a geo-replication relationship, both the primary and geo-secondary databases are protected by the primary database&#8217;s parent server key. If two databases are connected to the same server, they also share the same built-in certificate.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Customer-managed transparent data 
encryption<\/strong><\/h4>\n\n\n\n<p>Customer-managed TDE refers to Bring Your Own Key (BYOK) support for TDE. In this case, the TDE protector that encrypts the DEK is a customer-controlled asymmetric key that is stored in a customer-owned and customer-managed Azure Key Vault and never leaves it. The TDE protector can be generated by the key vault or transferred to the key vault from an on-premises hardware security module (HSM) device. If the server&#8217;s permissions to the key vault are revoked, the database becomes inaccessible, and all data is encrypted.<\/p>\n\n\n\n<p>With TDE with Azure Key Vault integration, users can control key management tasks such as key rotations, key vault permissions, and key backups. Key Vault provides central key management, leverages tightly monitored HSMs, and enables separation of duties between management of keys and data to help meet compliance with security policies.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Moving a transparent data encryption-protected database<\/strong><\/h4>\n\n\n\n<p>There is no need to decrypt databases for operations within Azure. The TDE settings on the source database or primary database are transparently inherited on the target.
The operations included are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Geo-restore<\/li><li>Self-service point-in-time restore<\/li><li>Restoration of a deleted database<\/li><li>Active geo-replication<\/li><li>Creation of a database copy<\/li><li>Restoring a backup file to Azure SQL Managed Instance<\/li><\/ul>\n\n\n\n<p>However, when you export a TDE-protected database, the exported content of the database is not encrypted.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Managing transparent data encryption<\/strong><\/h4>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>The Azure portal<\/strong><\/h5>\n\n\n\n<p><em>Managing TDE in the Azure portal.<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, to configure TDE through the Azure portal, you must be connected as the Azure Owner, Contributor, or SQL Security Manager.<\/li><li>Enable and disable TDE at the database level. For Azure SQL Managed Instance, use Transact-SQL (T-SQL) to turn TDE on and off on a database. The TDE settings are found under your user database. By default, service-managed transparent data encryption is used.<\/li><li>Then, set the TDE master key, known as the TDE protector, at the server or instance level.
Do this to use TDE with BYOK support and protect your databases with a key from Key Vault.<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-right\"><strong>Reference: <\/strong><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-sql\/database\/transparent-data-encryption-tde-overview?tabs=azure-portal\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Documentation<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, we will learn how transparent data encryption (TDE) protects Azure SQL Database and Azure SQL Managed Instance. TDE encrypts and decrypts the database, backups, and transaction log files in the background without requiring changes to the application. 
TDE is enabled by default&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-17762","page","type-page","status-publish","hentry"],"acf":[]}