Encryption is a critical component of data security. It’s what ensures that your sensitive information stays safe from prying eyes and hackers. Microsoft Power Platform uses encryption to protect all customer data, including communication between the server and client applications and confidential content within documents such as spreadsheets or presentations. Microsoft Power Platform offers encryption as standard, and customers are not required to pay any additional fees for this feature.
Microsoft uses SQL Server Transparent Data Encryption (TDE) to encrypt all data within the Dataverse environment.
What is SQL Server Transparent Data Encryption (TDE)?
SQL Server Transparent Data Encryption (TDE) is a built-in encryption technology that lets you encrypt your data without any performance degradation. TDE automatically encrypts the content of all user databases and their backups and log files on disk.
When data is encrypted with TDE, all the original content of the database, including queries and indexes on that data, is transparently encrypted. This ensures that sensitive information cannot be accessed by hackers or unauthorised personnel.
A SQL Server system key protects access to this data at rest, so even if someone does manage to mount an attack against your environment, it would take many years for these attackers to decrypt your data.
Who manages the encryption key?
By default, Microsoft will manage and store the encryption keys for you. This is the way most organisations usually work. You can, however, manage your own encryption key if you wish.
Details on changing the encryption key can be found here:
https://docs.microsoft.com/en-us/power-platform/admin/manage-encryption-key