Using SQL Server Transparent Data Encryption (TDE) with Dynamics NAV


Over the last few months, the Dynamics NAV team has been testing compatibility with SQL Server Transparent Data Encryption (TDE), and we are now proud to announce that the following Dynamics NAV versions all support SQL Server Transparent Data Encryption (TDE):

  • Microsoft Dynamics NAV 2018
  • Microsoft Dynamics NAV 2017
  • Microsoft Dynamics NAV 2016
  • Microsoft Dynamics NAV 2015

With TDE, you can encrypt sensitive data in the database and protect the keys that are used to encrypt the data with a certificate. TDE performs real-time I/O encryption and decryption of the data and log files to protect data at rest. TDE can assist in the ability to comply with many laws, regulations, and guidelines established in various industries.

At the time of writing, Transparent Data Encryption (TDE) is available in Enterprise Edition of SQL Server as well as Azure SQL Database.

Read more about Transparent Data Encryption (TDE) for Dynamics NAV here:

https://docs.microsoft.com/en-us/dynamics-nav/transparent-data-encryption

 

Comments (6)

  1. David Curd says:

    Was it ever stated that TDE wasn’t supported? We have been using it for a few years now.

    1. No, it was never stated that it wasn’t supported. We just wanted to make it explicit, since many partners have been asking questions about “encryption at rest” requirements

  2. Yevhen Nedashkivskiy says:

    We have been using this for years and had no idea that MS does not support TDE for NAV databases.

    1. We never stated that it wasn’t supported. We just wanted to make it explicit, since many partners have been asking questions about “encryption at rest” requirements

  3. What about Always Encrypted, is it also supported (explicitly)? Also thinking about Dynamic Data masking, I’ve been wondering how that works considering that the NAV service is using an service account when generating querys towards SQL Server, that’s a struggle correct?

    1. No, Always Encrypted is not supported as of this time (as it requires a rewrite of security responsibility of components in the technology stack). As we don’t recommend querying directly to the SQL Server tables, Dynamic Data Masking is not really a thing with NAV

Skip to main content