Privacy in Azure SQL Database
This guide provides a comprehensive overview of privacy controls, data handling, and compliance features built into Azure SQL Database.
Data Protection Overview
Azure SQL Database offers multiple layers of data protection to help you meet privacy requirements and regulatory standards.
- Transparent Data Encryption (TDE) – Encrypts data at rest without application changes.
- Always Encrypted – Protects sensitive data both at rest and in motion, with keys managed outside of Azure.
- Dynamic Data Masking – Masks sensitive data in query results for non‑privileged users.
- Row‑Level Security (RLS) – Controls access to rows based on user context.
Encryption Details
Encryption is applied transparently; you can enable it with a single command.
ALTER DATABASE CURRENT SET ENCRYPTION ON;Compliance Certifications
Azure SQL Database complies with major global standards. Below is a snapshot of current certifications.
| Standard | Certification | Region |
|---|---|---|
| ISO/IEC 27001 | Certified | Global |
| HIPAA | Covered | US |
| GDPR | Compliant | EU |
| SOC 2 Type II | Certified | Global |
Manage Privacy Settings via Azure Portal
- Navigate to your Azure SQL Database resource.
- Select Transparent data encryption under the Security section.
- Toggle the status to On if it isn’t already enabled.
- Configure Always Encrypted keys in the Keys blade.