learn-pr/wwl-azure/design-data-storage-solution-for-relational-data/includes/7-design-security-for-data-at-rest-data-transmission-data-use.md
5 additions & 5 deletions
@@ -19,19 +19,19 @@ There are different encryption methods for each of data state. The following tab
19
19
20
20
| Data state | Encryption method | Encryption level |
21
21
| --- | --- |
22
-
|**Data at rest**| Transparent data encryption (TDE) | Always encrypted. |
23
-
|**Data in motion**|Secure Socket Layers and Transport Layer Security (SSL/TLS) | Always encrypted. |
24
-
|**Data in process**| Dynamic data masking | Specific data is unencrypted. Remaining data is encrypted. |
22
+
|**Data at rest**| Transparent data encryption (TDE) | Always encrypted. |
23
+
|**Data in motion**| Transport Layer Security (TLS 1.2 or higher) | Always encrypted. |
24
+
|**Data in process**| Dynamic data masking | Specific data is unencrypted. Remaining data is encrypted. |
25
25
26
26
### Things to know about data encryption
27
27
28
28
- Transparent data encryption (TDE) protects Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest. TDE performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application. TDE is enabled by default to all newly deployed Azure SQL Databases.
29
29
30
-
- Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics enforce Secure Socket Layers and Transport Layer Security (SSL/TLS) encryption always for all connections. This level of encryption ensures all data is encrypted "in transit" between the client and server. Transport Layer Security (TLS) is used by all drivers that Microsoft supplies or supports for connecting to databases in Azure SQL Database or Azure SQL Managed Instance.
30
+
- Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics enforce Transport Layer Security (TLS) 1.2 or higher for all connections. TLS 1.0 and TLS 1.1 are retired and no longer supported. This level of encryption ensures all data is encrypted "in transit" between the client and server. Transport Layer Security (TLS) is used by all drivers that Microsoft supplies or supports for connecting to databases in Azure SQL Database or Azure SQL Managed Instance.
31
31
32
32
- Data-in-use employs a policy-based security feature called _dynamic data masking_. This feature hides the sensitive data in the result set of a query over designated database fields, while the data in the database remains unchanged. Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal consequence on the application layer.
33
33
34
34
:::image type="content" source="../media/dynamic-data-masking.png" alt-text="Diagram shows how parts of a data block are masked." border="false":::
35
35
36
36
> [!TIP]
37
-
> Expand your learning with the [Plan and implement security for Azure SQL Database and Azure SQL Managed Instance](/training/modules/security-azure-sql-database-azure-sql-managed-instance/) learning module.
37
+
> Expand your learning with the [Plan and implement security for Azure SQL Database and Azure SQL Managed Instance](/training/modules/security-azure-sql-database-azure-sql-managed-instance/) learning module.
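Review bot: The re-added row on line 24 still lists dynamic data masking under "Encryption method" with the level "Specific data is unencrypted. Remaining data is encrypted.", which conflicts with the bullet on line 32 saying masking hides data in the query result set "while the data in the database remains unchanged"; since the row is being touched anyway, reword it so masking is not described as encryption. In the same table, the delimiter row on line 21 is `| --- | --- |` under a three-column header, so add the third `---` cell. Lines 22, 24 and 37 are removed and re-added with no visible text change, which looks like whitespace-only churn; drop them from the patch or state in the commit message that they are whitespace fixes. On line 30 the acronym is expanded twice in one bullet; the second "Transport Layer Security (TLS)" can be just "TLS".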