Determine Azure Storage encryption
Azure Storage encryption for data at rest protects your data by ensuring your organizational security and compliance commitments are met. The encryption and decryption processes happen automatically. Because your data is secured by default, you don't need to modify your code or applications.
Things to know about Azure Storage encryption
Examine the following characteristics of Azure Storage encryption.
Data is encrypted automatically before it's persisted to Azure Managed Disks, Azure Blob Storage, Azure Queue Storage, Azure Cosmos DB, Azure Table Storage, or Azure Files.
Data is automatically decrypted before it's retrieved.
Azure Storage encryption, encryption at rest, decryption, and key management are transparent to users.
All data written to Azure Storage is encrypted through 256-bit advanced encryption standard (AES) encryption. AES is one of the strongest block ciphers available.
Azure Storage encryption is enabled for all new and existing storage accounts and can't be disabled.
Configure Azure Storage encryption
In the Azure portal, you configure Azure Storage encryption by specifying the encryption type. You can manage the keys yourself, or you can have the keys managed by Microsoft. Consider how you might implement Azure Storage encryption for your storage security.