Always Encrypted vs Transparent Data Encryption

Anshal 1,866 Reputation points
2023-01-26T16:54:49.25+00:00

Hi friends, in what situations is TDE best suited, and when should we use Always Encrypted? And on which type of Azure database is it supported, MI or Azure SQL Database?

Azure SQL Database

Accepted answer
  1. Dimple Rane 906 Reputation points
    2023-01-26T17:50:56.2733333+00:00

    Transparent Data Encryption (TDE) is a built-in encryption feature in SQL Server and Azure SQL Database that encrypts the entire database file (i.e. data at rest). TDE encrypts the storage of an entire database by using an industry-standard AES-256 algorithm. It encrypts the data files, transaction log files and backups, making it an ideal choice for compliance with regulations such as HIPAA and PCI-DSS.

    Always Encrypted, on the other hand, is a feature of SQL Server and Azure SQL Database that protects sensitive data, such as credit card numbers or national identification numbers, stored in individual columns. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine. This means that the data is protected both when it is at rest and when it is in transit.

    In terms of supported Azure databases, TDE is supported in both Azure SQL Database and Azure SQL Managed Instance. Always Encrypted is also supported in both Azure SQL Database and Azure SQL Managed Instance.

    In general, TDE is best used when protecting data at rest is the main concern, such as for compliance with regulatory requirements. Always Encrypted is best used when protecting sensitive data from being accessed by anyone other than authorized parties is the main concern, such as for protecting personally identifiable information (PII) and sensitive business information.

