Azure Storage Encryption
E937636
Azure Storage Encryption is a Microsoft Azure feature that automatically encrypts data at rest in storage accounts using managed or customer-managed keys to enhance data security and compliance.
Statements (47)
| Predicate | Object |
|---|---|
| instanceOf |
Azure Storage feature
ⓘ
cloud security feature ⓘ |
| aimsTo |
enhance data security
ⓘ
support regulatory compliance ⓘ |
| allows |
revocation of customer-managed keys
ⓘ
rotation of customer-managed keys ⓘ |
| appliesTo | Azure Storage accounts NERFINISHED ⓘ |
| defaultState | enabled by default for new storage accounts ⓘ |
| developedBy | Microsoft ⓘ |
| doesNotRequire | application code changes for basic use ⓘ |
| encrypts |
Azure Blob Storage data
ⓘ
Azure Files data ⓘ Azure Queue Storage data ⓘ Azure Table Storage data ⓘ managed disks data when used with Storage ⓘ |
| enforces | server-side encryption ⓘ |
| isRecommendedFor | all production Azure Storage workloads ⓘ |
| isTransparentTo | applications ⓘ |
| partOf |
Azure Storage
NERFINISHED
ⓘ
Microsoft Azure NERFINISHED ⓘ |
| protects | data at rest ⓘ |
| protectsAgainst | unauthorized access to data at rest ⓘ |
| provides | encryption at rest ⓘ |
| regionAvailability | all Azure public regions ⓘ |
| scope |
all data in a storage account
ⓘ
data in transit between storage service and disk ⓘ |
| supports |
Azure CLI configuration
ⓘ
Azure China regions NERFINISHED ⓘ Azure Government regions NERFINISHED ⓘ Azure Resource Manager templates configuration ⓘ Microsoft-managed keys ⓘ Portal-based configuration ⓘ PowerShell configuration ⓘ customer-managed keys ⓘ encryption for both HDD and SSD-backed storage ⓘ encryption for both standard and premium storage tiers ⓘ encryption of both data and metadata ⓘ encryption of data in all redundancy options ⓘ geo-redundant storage encryption ⓘ per-tenant key management via Key Vault ⓘ |
| supportsComplianceWith |
industry regulations
ⓘ
organizational security policies ⓘ |
| uses |
AES-256 encryption
ⓘ
Azure Key Vault NERFINISHED ⓘ Azure Key Vault Managed HSM NERFINISHED ⓘ data encryption keys protected by key-encryption keys ⓘ per-service encryption keys within a storage account ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.