다음을 통해 공유


Announcing the General Availability of Storage Service Encryption for Data at Rest

Storage Service Encryption for Azure Blob Storage helps you address organizational security and compliance requirements by encrypting your Blob storage (Block Blobs, Page Blobs and Append Blobs).

Today, we are excited to announce the General Availability of Storage Service Encryption for Azure Blob Storage. You can enable this feature on any Azure Resource Manager storage account using the Azure Portal, Azure Powershell, Azure CLI or the Microsoft Azure Storage Resource Provider API.

Microsoft Azure Storage handles all the encryption, decryption and key management in a totally transparent fashion. All data is encrypted using 256-bit AES encryption, also known as AES-256, one of the strongest block ciphers available. Customers can enable this feature on all available redundancy types of Azure Storage – LRS, GRS, ZRS, RA-GRS and Premium-LRS for all Azure Resource Manager Storage accounts and Blob Storage accounts. There is no additional charge for enabling this feature.

Note that SSE encrypts when blobs are written or updated. This means that when you enable SSE for an existing storage account, only new writes are encrypted; it does not go back and encrypt the data already present.

Find out more about Storage Service Encryption with Service Managed Keys.