Merge pull request #226932 from tamram/tamram23-0209

v-shils · web-flow · commit baa6518ef6aa · 2023-02-13T11:13:13.000-08:00
updates for blob background encryption complete
diff --git a/articles/storage/blobs/storage-blob-encryption-status.md b/articles/storage/blobs/storage-blob-encryption-status.md
@@ -1,13 +1,13 @@
 ---
 title: Check the encryption status of a blob
 titleSuffix: Azure Storage
-description: Learn how to use Azure portal, PowerShell, or Azure CLI to check whether a given blob is encrypted. If a blob is not encrypted, learn how to use AzCopy to force encryption by downloading and re-uploading the blob.
+description: Learn how to use Azure portal, PowerShell, or Azure CLI to check whether a given blob is encrypted.
 services: storage
 author: jimmart-dev
 
 ms.service: storage
 ms.topic: how-to
-ms.date: 11/26/2019
+ms.date: 02/09/2023
 ms.author: jammart
 ms.reviewer: ozgun
 ms.subservice: common 
@@ -17,9 +17,9 @@ ms.devlang: azurecli
 
 # Check the encryption status of a blob
 
-Every block blob, append blob, or page blob that was written to Azure Storage after October 20, 2017 is encrypted with Azure Storage encryption. Blobs created prior to this date continue to be encrypted by a background process.
+Every block blob, append blob, or page blob in Azure Storage is encrypted with Azure Storage encryption. This article shows how to determine whether a specific blob has been encrypted.
 
-This article shows how to determine whether a given blob has been encrypted.
+For more information about Azure Storage encryption, see [Azure Storage encryption for data at rest](../common/storage-service-encryption.md).
 
 ## Check a blob's encryption status
 
@@ -71,30 +71,6 @@ To determine when the blob was created, check the value of the **created** prope
 
 ---
 
-## Force encryption of a blob
-
-If a blob that was created prior to October 20, 2017 has not yet been encrypted by the background process, you can force encryption to occur immediately by downloading and re-uploading the blob. A simple way to do this is with AzCopy.
-
-To download a blob to your local file system with AzCopy, use the following syntax:
-
-```
-azcopy copy 'https://<storage-account-name>.<blob or dfs>.core.windows.net/<container-name>/<blob-path>' '<local-file-path>'
-
-Example:
-azcopy copy 'https://storagesamples.blob.core.windows.net/sample-container/blob1.txt' 'C:\temp\blob1.txt'
-```
-
-To re-upload the blob to Azure Storage with AzCopy, use the following syntax:
-
-```
-azcopy copy '<local-file-path>' 'https://<storage-account-name>.<blob or dfs>.core.windows.net/<container-name>/<blob-name>'
-
-Example:
-azcopy copy 'C:\temp\blob1.txt' 'https://storagesamples.blob.core.windows.net/sample-container/blob1.txt'
-```
-
-For more information about using AzCopy to copy blob data, see [Transfer data with AzCopy and Blob storage](../common/storage-use-azcopy-v10.md#transfer-data).
-
 ## Next steps
 
 [Azure Storage encryption for data at rest](../common/storage-service-encryption.md)
diff --git a/articles/storage/common/storage-service-encryption.md b/articles/storage/common/storage-service-encryption.md
@@ -5,7 +5,7 @@ services: storage
 author: tamram
 
 ms.service: storage
-ms.date: 10/31/2022
+ms.date: 02/09/2023
 ms.topic: conceptual
 ms.author: tamram
 ms.reviewer: ozgun
@@ -24,9 +24,9 @@ Data in Azure Storage is encrypted and decrypted transparently using 256-bit [AE
 
 Azure Storage encryption is enabled for all storage accounts, including both Resource Manager and classic storage accounts. Azure Storage encryption cannot be disabled. Because your data is secured by default, you don't need to modify your code or applications to take advantage of Azure Storage encryption.
 
-Data in a storage account is encrypted regardless of performance tier (standard or premium), access tier (hot or cool), or deployment model (Azure Resource Manager or classic). All blobs in the archive tier are also encrypted. All Azure Storage redundancy options support encryption, and all data in both the primary and secondary regions is encrypted when geo-replication is enabled. All Azure Storage resources are encrypted, including blobs, disks, files, queues, and tables. All object metadata is also encrypted. There is no additional cost for Azure Storage encryption.
+Data in a storage account is encrypted regardless of performance tier (standard or premium), access tier (hot or cool), or deployment model (Azure Resource Manager or classic). All new and existing block blobs, append blobs, and page blobs are encrypted, including blobs in the archive tier. All Azure Storage redundancy options support encryption, and all data in both the primary and secondary regions is encrypted when geo-replication is enabled. All Azure Storage resources are encrypted, including blobs, disks, files, queues, and tables. All object metadata is also encrypted.
 
-Every block blob, append blob, or page blob that was written to Azure Storage after October 20, 2017 is encrypted. Blobs created prior to this date continue to be encrypted by a background process. To force the encryption of a blob that was created before October 20, 2017, you can rewrite the blob. To learn how to check the encryption status of a blob, see [Check the encryption status of a blob](../blobs/storage-blob-encryption-status.md).
+There is no additional cost for Azure Storage encryption.
 
 For more information about the cryptographic modules underlying Azure Storage encryption, see [Cryptography API: Next Generation](/windows/desktop/seccng/cng-portal).
 
