Get started with Transparent Data Encryption (TDE)

Required Permissions

To enable Transparent Data Encryption (TDE), you must be an administrator or a member of the dbmanager role.

Enabling Encryption

Follow these steps to enable TDE:

1. Connect to the master database on the server hosting the database using a login that is an administrator or a member of the dbmanager role in the master database
2. Execute the following statement to encrypt the database.

ALTER DATABASE [AdventureWorks] SET ENCRYPTION ON;

Disabling Encryption

Follow these steps to disable TDE:

1. Connect to the master database using a login that is an administrator or a member of the dbmanager role in the master database
2. Execute the following statement to encrypt the database.

ALTER DATABASE [AdventureWorks] SET ENCRYPTION OFF;

Note

A paused dedicated SQL pool must be resumed before making changes to the TDE settings.

Verifying Encryption

To verify encryption status, follow the steps below:

1. Connect to the master or instance database using a login that is an administrator or a member of the dbmanager role in the master database
2. Execute the following statement to encrypt the database.

SELECT
    [name],
    [is_encrypted]
FROM
    sys.databases;

A result of 1 indicates an encrypted database, 0 indicates a non-encrypted database.

Encryption DMVs

• sys.databases
• sys.dm_pdw_nodes_database_encryption_keys