For those not familiar, Azure Storage is a service that allows you to store data as a File, Disk, Blob, Queue, or Table. Azure File Storage is a service within Azure Storage that offers file shares in the cloud, and makes use of the Server Message Block (SMB) protocol – supporting both SMB 2.1 and SMB 3.0. With File Storage, organizations can “lift and shift on premises file shares to the cloud” by just pointing an application to the Azure file share path.
Secure Storage Encryption is geared especially towards those who need their files to be protected in order to comply with HIPAA and BAA. All data is encrypted using AES-256 bit encryption, and all the operations relating to it (encryption, decryption, key management) are handled by Microsoft in a “fully transparent fashion.”
The feature can be enabled on both of the Azure File Storage redundancy types, LRS (Locally Redundant Storage) and GRS (Geo Redundant Storage), and is available at no additional charge.
To turn Secure Storage Encryption (SSE) on, you can use either Azure Portal, Azure PowerShell, Azure CLI, or the Microsoft Azure Storage Resource Provider API on any Azure Resource Manger storage account.
One final thing to note is that SSE is already available for Azure Blob Storage and now Azure File Storage, with support for Azure Tables and Queues coming “by June.”