Get started with Transparent Data Encryption (TDE) for dedicated SQL pool (formerly SQL DW) in Azure Synapse Analytics

• Security Overview
• Authentication
• Encryption (Portal)
• Encryption (T-SQL)

Note

This article applies to Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics (dedicated SQL pools (formerly SQL DW)). For documentation on Transparent Data Encryption for dedicated SQL pools inside Synapse workspaces, see Azure Synapse Analytics encryption.

Required Permissions

To enable Transparent Data Encryption (TDE), you must be an administrator or a member of the dbmanager role.

Enabling Encryption

To enable TDE, follow the steps below:

1. Open the database in the Azure portal
2. In the database blade, click the Settings button
3. Select the Transparent data encryption option
4. Select the On setting
5. Select Save

Disabling Encryption

To disable TDE, follow the steps below:

1. Open the database in the Azure portal
2. In the database blade, click the Settings button
3. Select the Transparent data encryption option
4. Select the Off setting
5. Select Save

Encryption DMVs

Encryption can be confirmed with the following DMVs:

• sys.databases
• sys.dm_pdw_nodes_database_encryption_keys