Check the encryption status of a blob
Every block blob, append blob, or page blob that was written to Azure Storage after October 20, 2017 is encrypted with Azure Storage encryption. Blobs created prior to this date continue to be encrypted by a background process.
This article shows how to determine whether a given blob has been encrypted.
Check a blob's encryption status
To determine whether a blob is encrypted without writing code, use the Azure portal, PowerShell, or Azure CLI.
To use the Azure portal to check whether a blob has been encrypted, follow these steps:
1. In the Azure portal, navigate to your storage account.
2. Select Containers to navigate to a list of containers in the account.
3. Locate the blob and display its Overview tab.
4. View the Server Encrypted property. If the value is True, the blob is encrypted. Notice that the blob's properties also include the date and time that the blob was created.
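To check every blob in a container instead of one at a time in the portal, the following added example (not part of the original article) filters the JSON printed by `az storage blob list --output json`. It assumes the `properties.serverEncrypted` and `properties.creationTime` fields of that output; the script name and the sample records are constructed for illustration.

```python
# Audit `az storage blob list --output json` for blobs not flagged as encrypted.
# Usage (audit_encryption.py is a hypothetical file name):
#   az storage blob list --account-name <storage-account-name> \
#     --container-name <container-name> --auth-mode login --output json \
#     | python audit_encryption.py
import json
import sys
from datetime import datetime, timezone

# Date given in the article: blobs written after it are always encrypted.
CUTOFF = datetime(2017, 10, 20, tzinfo=timezone.utc)

# Constructed sample records, not real account data.
SAMPLE = json.loads("""[
 {"name": "old.bin", "properties": {"creationTime": "2017-06-01T12:00:00+00:00", "serverEncrypted": false}},
 {"name": "new.txt", "properties": {"creationTime": "2021-01-15T09:00:00+00:00", "serverEncrypted": true}},
 {"name": "odd.dat", "properties": {"creationTime": "2019-03-05T08:30:00Z", "serverEncrypted": null}},
 {"name": "migrated.txt", "properties": {"creationTime": "2016-02-02T10:00:00+00:00", "serverEncrypted": true}}
]""")


def parse_time(value):
    """Parse an ISO 8601 timestamp; return None if absent or malformed."""
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        return None
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def audit(blobs):
    """Return one finding per blob whose serverEncrypted flag is not true."""
    findings = []
    for blob in blobs:
        props = blob.get("properties") or {}
        if props.get("serverEncrypted") is True:
            continue  # confirmed encrypted, nothing to report
        created = parse_time(props.get("creationTime"))
        findings.append({
            "name": blob.get("name"),
            "created": props.get("creationTime"),
            # Pre-cutoff blobs are the ones still waiting on the background process.
            "pre_cutoff": created is not None and created < CUTOFF,
        })
    return findings


if __name__ == "__main__":
    blobs = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for f in audit(blobs):
        print(f"{f['name']}\tcreated={f['created']}\tpre_cutoff={f['pre_cutoff']}")
```

A missing or null flag is reported rather than assumed encrypted, so any blob the script lists should be confirmed in the portal before it is re-uploaded.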
Force encryption of a blob
If a blob that was created prior to October 20, 2017 has not yet been encrypted by the background process, you can force encryption to occur immediately by downloading and re-uploading the blob. A simple way to do this is with AzCopy.
To download a blob to your local file system with AzCopy, use the following syntax:
azcopy copy 'https://<storage-account-name>.<blob or dfs>.core.windows.net/<container-name>/<blob-path>' '<local-file-path>'
Example:
azcopy copy 'https://storagesamples.blob.core.windows.net/sample-container/blob1.txt' 'C:\temp\blob1.txt'
To re-upload the blob to Azure Storage with AzCopy, use the following syntax:
azcopy copy '<local-file-path>' 'https://<storage-account-name>.<blob or dfs>.core.windows.net/<container-name>/<blob-name>'
Example:
azcopy copy 'C:\temp\blob1.txt' 'https://storagesamples.blob.core.windows.net/sample-container/blob1.txt'
For more information about using AzCopy to copy blob data, see Transfer data with AzCopy and Blob storage.