Enabling TDE for Azure SQL Data Warehouse

Security is top of mind for everyone these days - securing your identity, securing your data. When you think about how you secure your data in the cloud you need to ensure that you understand how your data is stored and accessed. The Azure SQL Data Warehouse service utilizes Transparent Data Encryption (TDE) to encrypt your database, associated backups, and transaction log files at rest without requiring changes to your application.

SQL Data Warehouse's TDE implementation is based on SQL Server's TDE technology which encrypts the storage of an entire database by using industry standard AES-256 symmetric key called the database encryption key. SQL Data Warehouse protects this database encryption key with a service managed certificate.

Getting Started (the portal way)

The easiest way to turn on TDE for your database instance is via the Azure portal. Once in the portal, just navigate to your database, and expand the Transparent data encryption blade.

You simply click on the On button and then the Save button at the top.

In just a minute or so, your database will be secured.

Getting Started (the T-SQL way)

To enable TDE, via T-SQL you simple connect to the master database and execute the following command:

 ALTER DATABASE [DemoDW] SET ENCRYPTION ON;

Verify Encrypted Status

You can verify the state of all of your databases by connecting to the master database and executing the following command:

 SELECT name, is_encrypted FROM sys.databases;

The results list all of the databases by name and encrypted status (0 = not encrypted, 1 = encrypted).

Next Steps

Visit the SQL Data Warehouse Overview to learn more about Microsoft’s scale out relational data warehouse.