| title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Enable encryption for storage account in Azure Security Center | Microsoft Docs |
This document shows you how to implement the Azure Security Center recommendations **Enable encryption for Azure Storage Account**. |
security-center |
na |
TerryLanfear |
MBaldwin |
security-center |
na |
article |
na |
na |
12/20/2016 |
terrylan |
Azure Security Center may recommend that you enable Azure Storage Service Encryption for data at rest.
Storage Service Encryption (SSE) works by encrypting the data when it is written to Azure storage and decrypting the data before retrieval. SSE is currently available only for the Azure Blob service and can be used for block blobs, page blobs, and append blobs. To learn more, see Storage Service Encryption for data at rest.
Note
After enabling encryption, only new data is encrypted. Any existing blobs in your storage account remain unencrypted. To encrypt existing blobs, see the Storage Service Encryption FAQ.
Storage Service Encryption is only supported on Resource Manager storage accounts. Classic storage accounts are not currently supported. To understand the classic and Resource Manager deployment models, see Azure deployment models.
Note
This document introduces the service by using an example deployment. This document is not a step-by-step guide.
- In the Recommendations blade, select Enable encryption for Azure Storage Account.
- The Enable storage encryption blade opens. This blade lists the Azure storage accounts where storage encryption is disabled. In this example, let's select storageacct1.
- The Encryption blade for storageacct1 opens. Select Enabled.
- Select Save.
You have now enabled storage encryption for storageacct1.
This document showed you how to implement the Security Center recommendation "Enable encryption for Azure Storage Account." To learn more about Azure Storage Service Encryption, see the following:
To learn more about Security Center, see the following:
- Setting security policies in Azure Security Center - Learn how to configure security policies for your Azure subscriptions and resource groups.
- Security health monitoring in Azure Security Center - Learn how to monitor the health of your Azure resources.
- Managing and responding to security alerts in Azure Security Center - Learn how to manage and respond to security alerts.
- Managing security recommendations in Azure Security Center - Learn how recommendations help you protect your Azure resources.
- Azure Security Center FAQ - Find frequently asked questions about using the service.
- Azure Security blog - Find blog posts about Azure security and compliance.