Use SQL database TDE

Security · SQL Database · Azure.SQL.TDE

Use Transparent Data Encryption (TDE) with Azure SQL Database.


TDE helps protect Azure SQL Databases against malicious offline access by encrypting data at rest. SQL Databases perform real-time encryption and decryption of the database, backups, and log files. Encryption is performed at rest without requiring changes to the application.


Consider enabling Transparent Data Encryption (TDE) for Azure SQL Databases to perform encryption at rest.


Configure with Azure template

    {
        "type": "Microsoft.Sql/servers/databases",
        "apiVersion": "2020-08-01-preview",
        "name": "[variables('dbName')]",
        "location": "[parameters('location')]",
        "sku": {
            "name": "[parameters('sku')]"
        },
        "kind": "v12.0,user",
        "properties": {
            "collation": "SQL_Latin1_General_CP1_CI_AS",
            "maxSizeBytes": "[mul(parameters('maxSizeMB'), 1048576)]",
            "catalogCollation": "SQL_Latin1_General_CP1_CI_AS",
            "zoneRedundant": false,
            "readScale": "Disabled",
            "storageAccountType": "GRS"
        },
        "resources": [
            {
                "type": "Microsoft.Sql/servers/databases/transparentDataEncryption",
                "apiVersion": "2014-04-01",
                "name": "[concat(variables('dbName'), '/current')]",
                "location": "[parameters('location')]",
                "dependsOn": [
                    "[resourceId('Microsoft.Sql/servers/databases', parameters('serverName'), parameters('databaseName'))]"
                ],
                "properties": {
                    "status": "Enabled"
                }
            }
        ]
    }
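
An added example, not part of the original page or of the rule's own implementation: a Python check that walks an ARM template and reports every `Microsoft.Sql/servers/databases` resource that does not explicitly declare a `transparentDataEncryption` child with `status` set to `Enabled`. The sample template, the function names and the name-matching heuristic for top-level TDE resources are assumptions made for illustration.

```python
import json

DB_TYPE = "microsoft.sql/servers/databases"
TDE_TYPES = {DB_TYPE + "/transparentdataencryption", "transparentdataencryption"}

def walk(resources, parent=None):
    """Yield (resource, parent) pairs, descending into nested child resources."""
    for res in resources or []:
        yield res, parent
        yield from walk(res.get("resources"), res)

def tde_findings(template):
    """Return {database name expression: 'Enabled' | 'Disabled' | 'Missing'}."""
    pairs = list(walk(template.get("resources")))
    findings = {r["name"]: "Missing" for r, _ in pairs
                if r.get("type", "").lower() == DB_TYPE}
    for res, parent in pairs:
        if res.get("type", "").lower() not in TDE_TYPES:
            continue
        if parent is not None and parent.get("name") in findings:
            owner = parent["name"]  # nested child, as in the template above
        else:
            # Assumption: a top-level TDE resource embeds its database's name expression.
            owner = next((n for n in findings if n.strip("[]") in res["name"]), None)
        if owner is None:
            continue
        status = str(res.get("properties", {}).get("status", "")).lower()
        findings[owner] = "Enabled" if status == "enabled" else "Disabled"
    return findings

def failing(template):
    """Databases whose template does not explicitly set TDE to Enabled."""
    return sorted(n for n, s in tde_findings(template).items() if s != "Enabled")

# Constructed sample template (not from the page): four databases, two compliant.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Sql/servers/databases", "name": "[variables('dbName')]",
   "resources": [{"type": "Microsoft.Sql/servers/databases/transparentDataEncryption",
                  "name": "[concat(variables('dbName'), '/current')]",
                  "properties": {"status": "Enabled"}}]},
  {"type": "Microsoft.Sql/servers/databases", "name": "srv/reports",
   "resources": [{"type": "transparentDataEncryption", "name": "current",
                  "properties": {"status": "Disabled"}}]},
  {"type": "Microsoft.Sql/servers/databases", "name": "srv/archive"},
  {"type": "Microsoft.Sql/servers/databases", "name": "srv/orders"},
  {"type": "Microsoft.Sql/servers/databases/transparentDataEncryption",
   "name": "srv/orders/current", "properties": {"status": "Enabled"}}
]}
""")
```

Calling `failing(SAMPLE)` lists the databases to fix before deployment; run it against a real template by loading the file with `json.load`.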

Configure with Azure CLI

    az sql db tde set --status Enabled -s '<server_name>' -d '<database>' -g '<resource_group>'

Configure with Azure PowerShell

    Set-AzSqlDatabaseTransparentDataEncryption -ResourceGroupName '<resource_group>' -ServerName '<server_name>' -DatabaseName '<database>' -State Enabled

Last update: 2021-09-24