Get started with Transparent Data Encryption (TDE)

Required Permssions

To enable Transparent Data Encryption (TDE), you must be an administrator or a member of the dbmanager role.

Enabling Encryption

Follow these steps to enable TDE for a SQL Data Warehouse:

  1. Connect to the master database on the server hosting the database using a login that is an administrator or a member of the dbmanager role in the master database
  2. Execute the following statement to encrypt the database.
ALTER DATABASE [AdventureWorks] SET ENCRYPTION ON;

Disabling Encryption

Follow these steps to disable TDE for a SQL Data Warehouse:

  1. Connect to the master database using a login that is an administrator or a member of the dbmanager role in the master database
  2. Execute the following statement to encrypt the database.
ALTER DATABASE [AdventureWorks] SET ENCRYPTION OFF;
Note

A paused SQL Data Warehouse must be resumed before making changes to the TDE settings.

Verifying Encryption

To verify encryption status for a SQL Data Warehouse, follow the steps below:

  1. Connect to the master or instance database using a login that is an administrator or a member of the dbmanager role in the master database
  2. Execute the following statement to encrypt the database.
SELECT
    [name],
    [is_encrypted]
FROM
    sys.databases;

A result of 1 indicates an encrypted database, 0 indicates a non-encrypted database.

Encryption DMVs