From ba8ee1d702762b68f7167393f439814497910ff8 Mon Sep 17 00:00:00 2001 From: shghildi <79434248+shghildi@users.noreply.github.com> Date: Mon, 30 Sep 2024 10:51:03 +0530 Subject: [PATCH 1/2] Update transparent-data-encryption-tde-overview.md as per PG team, certificates are rotated once in a year --- azure-sql/database/transparent-data-encryption-tde-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-sql/database/transparent-data-encryption-tde-overview.md b/azure-sql/database/transparent-data-encryption-tde-overview.md index b1856dd9989..ddb5ac9f863 100644 --- a/azure-sql/database/transparent-data-encryption-tde-overview.md +++ b/azure-sql/database/transparent-data-encryption-tde-overview.md 
@@ -35,7 +35,7 @@ For Azure SQL Database and Azure Synapse, the TDE protector is set at the [serve ## Service-managed transparent data encryption -In Azure, the default setting for TDE is that the DEK is protected by a built-in server certificate. The built-in server certificate is unique for each server and the encryption algorithm used is AES 256. If a database is in a geo-replication relationship, both the primary and geo-secondary databases are protected by the primary database's parent server key. If two databases are connected to the same server, they also share the same built-in certificate. Microsoft automatically rotates these certificates in compliance with the internal security policy and the root key is protected by a Microsoft internal secret store. Customers can verify SQL Database and SQL Managed Instance compliance with internal security policies in independent third-party audit reports available on the [Microsoft Trust Center](https://servicetrust.microsoft.com/). +In Azure, the default setting for TDE is that the DEK is protected by a built-in server certificate. The built-in server certificate is unique for each server and the encryption algorithm used is AES 256. If a database is in a geo-replication relationship, both the primary and geo-secondary databases are protected by the primary database's parent server key. If two databases are connected to the same server, they also share the same built-in certificate. Microsoft automatically rotates these certificates in compliance with the internal security policy and the root key is protected by a Microsoft internal secret store. These Certificates are rotated once in a year. Customers can verify SQL Database and SQL Managed Instance compliance with internal security policies in independent third-party audit reports available on the [Microsoft Trust Center](https://servicetrust.microsoft.com/). Microsoft also seamlessly moves and manages the keys as needed for geo-replication and restores. 
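Review bot: The added sentence "These Certificates are rotated once in a year." duplicates the sentence immediately before it ("Microsoft automatically rotates these certificates in compliance with the internal security policy ...") and has two wording problems: "Certificates" is capitalized mid-sentence, and "once in a year" is not idiomatic. Rather than adding a second sentence, fold the cadence into the existing one, e.g. "Microsoft automatically rotates these certificates once a year, in compliance with the internal security policy, and the root key is protected by a Microsoft internal secret store." Since the only source for the yearly cadence in this PR is the commit message ("as per PG team"), it would also help reviewers to reference where that cadence is documented so the claim can be checked later.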
From f33acb8c4a7cf9959e94c42755f1e6ca318836d9 Mon Sep 17 00:00:00 2001 From: Randolph West MSFT <97149825+rwestMSFT@users.noreply.github.com> Date: Mon, 4 Nov 2024 12:09:23 -0700 Subject: [PATCH 2/2] Update azure-sql/database/transparent-data-encryption-tde-overview.md --- azure-sql/database/transparent-data-encryption-tde-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-sql/database/transparent-data-encryption-tde-overview.md b/azure-sql/database/transparent-data-encryption-tde-overview.md index ddb5ac9f863..8efe9e5b02c 100644 --- a/azure-sql/database/transparent-data-encryption-tde-overview.md +++ b/azure-sql/database/transparent-data-encryption-tde-overview.md 
@@ -35,7 +35,7 @@ For Azure SQL Database and Azure Synapse, the TDE protector is set at the [serve ## Service-managed transparent data encryption -In Azure, the default setting for TDE is that the DEK is protected by a built-in server certificate. The built-in server certificate is unique for each server and the encryption algorithm used is AES 256. If a database is in a geo-replication relationship, both the primary and geo-secondary databases are protected by the primary database's parent server key. If two databases are connected to the same server, they also share the same built-in certificate. Microsoft automatically rotates these certificates in compliance with the internal security policy and the root key is protected by a Microsoft internal secret store. These Certificates are rotated once in a year. Customers can verify SQL Database and SQL Managed Instance compliance with internal security policies in independent third-party audit reports available on the [Microsoft Trust Center](https://servicetrust.microsoft.com/). +In Azure, the default setting for TDE is that the DEK is protected by a built-in server certificate. The built-in server certificate is unique for each server and the encryption algorithm used is AES 256. If a database is in a geo-replication relationship, both the primary and geo-secondary databases are protected by the primary database's parent server key. If two databases are connected to the same server, they also share the same built-in certificate. Microsoft automatically rotates these certificates once a year, in compliance with the internal security policy, and the root key is protected by a Microsoft internal secret store. Customers can verify SQL Database and SQL Managed Instance compliance with internal security policies in independent third-party audit reports available on the [Microsoft Trust Center](https://servicetrust.microsoft.com/). 
Microsoft also seamlessly moves and manages the keys as needed for geo-replication and restores.
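Review bot: This follow-up hunk resolves the issues in the first commit by dropping the standalone sentence and folding the cadence into the existing one ("rotates these certificates once a year, in compliance with the internal security policy, and the root key is protected ..."), which reads cleanly and avoids the duplicated statement. One remaining point: the yearly cadence is now stated as a fact in the public article, but the PR still gives no reference beyond "as per PG team" in the first commit message; consider adding a pointer (in the PR description or a doc link) so a future editor can verify the cadence if the policy changes.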