diff --git a/azure-sql/database/transparent-data-encryption-tde-overview.md b/azure-sql/database/transparent-data-encryption-tde-overview.md index b1856dd9989..8efe9e5b02c 100644 --- a/azure-sql/database/transparent-data-encryption-tde-overview.md +++ b/azure-sql/database/transparent-data-encryption-tde-overview.md 
@@ -35,7 +35,7 @@ For Azure SQL Database and Azure Synapse, the TDE protector is set at the [serve ## Service-managed transparent data encryption -In Azure, the default setting for TDE is that the DEK is protected by a built-in server certificate. The built-in server certificate is unique for each server and the encryption algorithm used is AES 256. If a database is in a geo-replication relationship, both the primary and geo-secondary databases are protected by the primary database's parent server key. If two databases are connected to the same server, they also share the same built-in certificate. Microsoft automatically rotates these certificates in compliance with the internal security policy and the root key is protected by a Microsoft internal secret store. Customers can verify SQL Database and SQL Managed Instance compliance with internal security policies in independent third-party audit reports available on the [Microsoft Trust Center](https://servicetrust.microsoft.com/). +In Azure, the default setting for TDE is that the DEK is protected by a built-in server certificate. The built-in server certificate is unique for each server and the encryption algorithm used is AES 256. If a database is in a geo-replication relationship, both the primary and geo-secondary databases are protected by the primary database's parent server key. If two databases are connected to the same server, they also share the same built-in certificate. Microsoft automatically rotates these certificates once a year, in compliance with the internal security policy, and the root key is protected by a Microsoft internal secret store. Customers can verify SQL Database and SQL Managed Instance compliance with internal security policies in independent third-party audit reports available on the [Microsoft Trust Center](https://servicetrust.microsoft.com/). Microsoft also seamlessly moves and manages the keys as needed for geo-replication and restores.
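Review bot: in the `+` line, "rotates these certificates once a year" states a cadence without saying whether it is an exact interval or a minimum frequency, and without saying what the rotation changes. The paragraph describes a built-in server certificate that protects the DEK, so a reader assessing key-lifetime exposure cannot tell whether only that certificate is replaced or whether the DEK itself is also regenerated. Suggest making the interval precise (for example "at least once a year", if that is what the internal policy guarantees) and adding one clause on whether rotation affects the DEK. A smaller point in the same sentence: "these certificates" follows text about a single built-in certificate per server, so "the built-in server certificates" would read more clearly. Since the interval is attributed to "the internal security policy", it would also help to say whether the audit reports linked in the following sentence cover the rotation cadence, so customers have a way to verify it.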