Get started with Transparent Data Encryption (TDE)

Article
07/27/2022

Required Permissions

To enable Transparent Data Encryption (TDE), you must be an administrator or a member of the dbmanager role.

Enabling Encryption

Follow these steps to enable TDE:

Connect to the master database on the server hosting the database using a login that is an administrator or a member of the dbmanager role in the master database
Execute the following statement to encrypt the database.

ALTER DATABASE [AdventureWorks] SET ENCRYPTION ON;

Disabling Encryption

Follow these steps to disable TDE:

Connect to the master database using a login that is an administrator or a member of the dbmanager role in the master database
Execute the following statement to encrypt the database.

ALTER DATABASE [AdventureWorks] SET ENCRYPTION OFF;

Note

A paused dedicated SQL pool must be resumed before making changes to the TDE settings.

Verifying Encryption

To verify encryption status, follow the steps below:

Connect to the master or instance database using a login that is an administrator or a member of the dbmanager role in the master database
Execute the following statement to encrypt the database.

SELECT
    [name],
    [is_encrypted]
FROM
    sys.databases;

A result of 1 indicates an encrypted database, 0 indicates a non-encrypted database.

Encryption DMVs

Feedback

Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.

Submit and view feedback for

This product This page

View all page feedback