Search the Petri IT Knowledgebase
search icon

close

Windows

Cloud

Microsoft 365

PowerShell

Active Directory

Security

Windows Server

Video
Icon for WEBINAR ON-DEMAND!

WEBINAR ON-DEMAND!

Blocking Advanced Web Attacks with WAF

Icon for GET-IT Conference coming soon!!

GET-IT Conference coming soon!!

Threat Detection & The Role of Operational Resilie...

Icon for New Whitepaper sheds light on …

New Whitepaper sheds light on …

Best Practices for IT SaaS portfolio management

Icon for New podcast from Stephen Rose!

New podcast from Stephen Rose!

Unplugging What's Next for Teams 2.0

Home

Cloud Computing

Microsoft Azure: Enable Encryption for Data at Rest

Russell Smith

 |

Mar 24, 2017

In today’s Ask the Admin, I’ll show you how to enable encryption for blob storage in Microsoft Azure.

Microsoft announced the availability of Storage Service Encryption (SSE) in September 2016. This service allows you to add 256-bit AES encryption to new or existing storage accounts. Azure encrypts and decrypts data transparently to users and applications, as well as managing the service keys for you. Microsoft is also working on an option that will allow you to manage the service keys yourself.

 

 

Data is encrypted as it is written or rewritten to disk. This means that if you want to encrypt an entire blob, encryption needs to be enabled from the get go. Microsoft claims that the performance hit associated with SSE is inconsequential. Additionally, SSE is only supported for Azure Resource Manager (ARM) storage and blob storage accounts (i.e., those created using the new management portal or ARM PowerShell cmdlets).

SSE is available for blob storage in all regions. SSE for Azure File Service is available in preview. At the time of writing this article, SSE for Azure File Service can only be enabled for newly created ARM storage accounts in East US, East US2, Central US, North Central US, South Central US, West Central US, West US, West US2, East Asia, North Europe, West Europe, Australia East, and Australia Southeast regions. For more details on Azure storage accounts, see Understanding Azure Storage: Managed Disks and Storage Accounts on the Petri IT Knowledgebase.

Enable Encryption for Blob Storage

Before enabling encryption, you’ll need at least one storage account. For more information on creating storage accounts, see Create an Azure Premium Storage Account on Petri. For the purposes of this demonstration, a standard tier storage account can be used.

  • Log into the Azure management portal.
  • Click More services at the bottom of the panel on the left of the management portal window.
  • Type storage in the box at the top of the new panel, and then click Storage accounts in the results.
  • Click your storage account in the Storage accounts pane.
  • On the Storage account panel, click Encryption under BLOB SERVICE.
  • Toggle the Storage service encryption switch to Enabled, and then click Save at the top of the panel.
Enable Storage Service Encryption (SSE) in Azure (Image Credit: Russell Smith)

Enable Storage Service Encryption (SSE) in Azure (Image Credit: Russell Smith)

Azure will take a few moments to update the encryption settings for the storage account. If encryption is later disabled, new writes will not be encrypted. Keep in mind, existing data remains encrypted unless it gets rewritten to disk.

In this article, I showed you how to enable encryption in Azure for data at rest.

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Cloud Computing

Cloud Computing

Microsoft Dev Box Adds New Features Ahead of its General Availability in July

May 23, 2023 | Laurent Giret

Datacenter networking servers

Microsoft Changes Windows Server 2022 Licensing Policies

Apr 26, 2023 | Rabia Noureen

Cloud Computing

Cloud Computing and the Energy Crisis: Is Building More Data Centers Sustainable?

Mar 17, 2023 | Aidan Finn

Cloud Computing

Cloud Repatriation: Is It a Risk For Microsoft Azure?

Feb 9, 2023 | Aidan Finn

Security

How to Secure Sensitive Data in Microsoft 365

Feb 8, 2023 | Peter Rising

AWS CTO Takes on ChatGPT Over Cybersecurity

Feb 3, 2023 | Michael Otey

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy