You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-machines/disk-encryption-overview.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,7 +14,7 @@ ms.custom: references_regions
14
14
15
15
There are several types of encryption available for your managed disks, including Azure Disk Encryption (ADE), Server-Side Encryption (SSE) and encryption at host.
16
16
17
-
-**Azure Disk Storage Server-Side Encryption** (also referred to as encryption-at-rest or Azure Storage encryption) is always enabled and automatically encrypts data stored on Azure managed disks (OS and data disks) when persisting on the Storage Clusters. When configured with a Disk Encryption Set (DES), it supports customer-managed keys as well. It does not encrypt temp disks or disk caches. For full details, see [Server-side encryption of Azure Disk Storage](./disk-encryption.md).
17
+
-**Azure Disk Storage Server-Side Encryption** (also referred to as encryption-at-rest or Azure Storage encryption) is always enabled and automatically encrypts data stored on Azure managed disks (OS and data disks) when persisting on the Storage Clusters. When configured with a Disk Encryption Set (DES), it supports customer-managed keys as well. It doesn't encrypt temp disks or disk caches. For full details, see [Server-side encryption of Azure Disk Storage](./disk-encryption.md).
18
18
19
19
-**Encryption at host** is a Virtual Machine option that enhances Azure Disk Storage Server-Side Encryption to ensure that all temp disks and disk caches are encrypted at rest and flow encrypted to the Storage clusters. For full details, see [Encryption at host - End-to-end encryption for your VM data](./disk-encryption.md#encryption-at-host---end-to-end-encryption-for-your-vm-data).
20
20
@@ -28,13 +28,13 @@ Encryption is part of a layered approach to security and should be used with oth
28
28
29
29
Here's a comparison of Disk Storage SSE, ADE, encryption at host, and Confidential disk encryption.
30
30
31
-
||**Azure Disk Storage Server-Side Encryption**|**Encryption at Host**|**Azure Disk Encryption**|**Confidential disk encryption**|
31
+
||**Azure Disk Storage Server-Side Encryption**|**Encryption at Host**|**Azure Disk Encryption**|**Confidential disk encryption (For the OS disk only**|
32
32
|--|--|--|--|--|
33
-
| Encryption at rest (OS and data disks) |✅|✅|✅|✅For the OS disk only |
33
+
| Encryption at rest (OS and data disks) |✅|✅|✅|✅|
34
34
| Temp disk encryption |❌|✅|✅|❌|
35
-
| Encryption of caches |❌|✅|✅|✅For the OS disk only |
36
-
| Data flows encrypted between Compute and Storage |❌|✅|✅|✅For the OS disk only |
37
-
| Customer control of keys |✅ When configured with DES |✅ When configured with DES |✅|✅For the OS disk only |
35
+
| Encryption of caches |❌|✅|✅|✅|
36
+
| Data flows encrypted between Compute and Storage |❌|✅|✅|✅|
37
+
| Customer control of keys |✅ When configured with DES |✅ When configured with DES |✅|✅|
38
38
| Does not use your VM's CPU |✅|✅|❌|❌|
39
39
| Works for custom images |✅|✅|❌ Does not work for custom Linux images |✅|
0 commit comments