Azure Storage allows you to store Files, Blocks (Images, Videos) in a Blob, Tables and Queues along with Page Blobs used by Azure VM as OS and Data Disks.
Once the Azure Storage is created you may want to encrypt the Storage for added security.
Azure provide Data-at-rest encryption of Azure Blob and Files prior to storing content and decrypts the data before retrieving it. The Key management, Encryption and Decryption is a process that is transparent to the users, which means Keys are managed by Azure.
If your organization needs Storage Encryption using Customer managed keys then please stay updated with Azure updates because Azure may start supporting this anytime.
Azure Storage has below characteristics –
- Supports all Azure Regions
- Supports Standard and Premium Storage
- Supports all redundancy configurations (LRS, ZRS, RA-GRS, GRS)
- Support Resource Manager based Storage Accounts and not Classic accounts
- Support Block Blobs and Files Storage types
- Only newly created data will be encrypted which means data prior to turning ON encryption will remain unencrypted
How to enable Storage Encryption?
- Login to Azure Portal (https://portal.azure.com)
- Go to your Storage Account
- Select Encryption in Blob Service and then click on Enabled
Once this is done, data stored in Azure Storage will be encrypted using Azure Managed Keys.