Encryption at Rest Coming to Azure Blob Storage in Preview

Microsoft has announced new encryption capabilities coming to Azure Blob Storage.  The result is that all data stored within blob storage is now encrypted at rest using 256-bit AES Encryption.

Portal Screenshot showing Encryption properties

The new feature is only available in preview and only in particular regions (East Asia for Standard Storage and Japan East for Premium Storage).

The encryption is transparent to all the existing interfaces into Azure Storage, e.g. AZCOPY, PowerShell, .NET APIs, etc. so no changes are required to implement the feature.

The strength of any encryption is the management of the keys used to encrypt and in this case the keys are created and managed by Microsoft.  However, they are looking to enable organizations who want to manage their own keys so that they are never in Microsoft’s hands (a big concern for organizations who don’t want their data requested by NSA and other government agencies).

Q: Who manages the encryption keys?

A: The keys are managed by Microsoft.

Q: Can I use my own encryption keys?

A: We are working on providing capabilities for customers to bring their own encryption keys.

Q: Can I revoke access to the encryption keys?

A: Not at this time; the keys are fully managed by Microsoft.

Read More

Globally Distributed NoSQL Databases Coming to Azure DocumentDB

Microsoft has announced several improvements to the Azure DocumentDB service that allow it to act as a globally distributed NoSQL database.

Today we are pleased to introduce global databases for Azure DocumentDB. Global databases allow you to replicate data across multiple Azure regions to achieve low latency access with well-defined data consistency while offering clear availability SLAs. Global databases are designed to meet the needs of planet scale applications such as IoT systems serving globally distributed devices or internet scale web applications that deliver highly personalized experiences.


In addition to the addition of globally distributed databases, Microsoft is also providing a layer to enable support for MongoDB database drivers.  If you have an application that uses MongoDB today, you can move the database to Azure DocumentDB and your existing MongoDB drivers will work but with some added benefits that are provided by Azure DocumentDB.

These new features are currently in preview only.

Read More

Integrated Power BI Visualizations for Applications Coming Soon with Power BI Embedded

Microsoft announced that they will provide a version of Power BI that allows for integration of the Power BI service with custom applications.  The service will be called Power BI Embedded and will enable scenarios where application developers would like to harness the Power BI visualization service within their application stack. 

Power BI Embedded

Unlike the current subscription model which charges per user, Power BI Embedded will be charged on a per usage basis to enable application developers to manage their own users and to ease integration with Power BI as a pure service.  Pricing has not been released yet.

Read More