Azure SQL Database Transparent Data Encryption

Azure SQL Database transparent data encryption helps protect against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application.

TDE encrypts the storage of an entire database by using a symmetric key called Database Encryption Key (DEK). In SQL Database the Database Encryption Key is protected by built-in server certificate. The built-in server certificate is unique for each SQL Database server. If the database is in a GeoDR relationship, it is protected by a different key on each server. If 2 databases are connected on a same server, they share the same built-in certificate. Microsoft automatically rotates these certificates at least every 90 days.

Note: TDE does not provide encryption across communication channels.

When using TDE with SQL Database V12, the server-level certificate stored in the master database is automatically created for you by SQL Database. To move a TDE database on SQL Database you must decrypt the database, move the database, and then re-enable TDE on the Destination Database.

Enable TDE on a Database Using the Portal

Visit the Azure portal at https://portal.azure.com and sign with your Azure Administrator or contributor account.
On the left banner, click to BROWSE, and then click SQL Databases.
With SQL Databases selected in the left pane, click the user database, here in our example I have selected the Sample AdventureWorks2012 Database, as per Image 1.0
Click the Transparent Data Encryption part to open the Transparent Data Encryption blade.
In the Data Encryption blade, move the Data Encryption button to On.
Finally, click Save (at the top of the page) to apply setting. The Encryption status will approximate the progress of the transparent data encryption.
Once the encryption completed, you should be able to see the Encryption Status as Encrypted as per the image below.

Azure SQL Database Encrypting Data in Transit

Azure SQL Database connections are encrypted using TLS/SSL for the Tabular Data Stream (TDS) transfer of data. When connection with Latest version of ADO.Net (4.6), JDBC (4.2) Azure SQL Database V12 now supports the strongest version for the TLS (Transport Layer Security) 1.2 Connections.

Support for ODBC on Linux, PHP and node.js coming soon.

Microsoft provides as a valid certificate for the TLS connection for Azure SQL Database. We can implement increased security and eliminate the possibility of “man-on-the-middle” attacks, by implementing below changes to each the different drivers.

On below connection String Setting Encrypt=True will assure that the client is using a connection that is encrypted. Setting TrustServerCertificate=False ensures that the client will verify the certificate before accepting the connection.

Error: Cannot Connect Azure SQL Database

Error: Can not Connect to *.windows.net.

I was getting below Database connection Error When try to connect via Azure Active Directory Login failed for user ‘NT AUTHORITY\ANONYMOUS LOGON’. (Microsoft SQL server, Error: 18456).

You must require SQL SERVER Management Studio 2016 to connect to Azure SQL Database via Management Studio using Windows Authentication.

You can download SQL Server Management Studio 2016 from below URL
SQL SERVER Management Studio 2016 Download.

I have set up Database user on the Azure SQL Database, technically I should be able to connect to Azure SQL Database (for example, Adventure Works), but I can’t and gives me below error.

Solution: On the Connect to Server Dialog box in the Connection Properties page put Database name and Click Connect.