Azure Notification Hubs encryption for data at rest
Azure Notification Hubs uses Transparent Data Encryption (TDE) to automatically encrypt customer keys and data stored in databases. Azure Notification Hubs encryption protects customer's data to help you to meet organizational security and compliance commitments.
Encryption at rest provides data protection for stored data (at rest). For detailed information about data encryption at rest in Azure Azure, see Azure Data Encryption-at-Rest.
Azure Notification Hubs stores customer keys and data in SQL databases at rest. The SQL databases encrypt the data stored there with Transparent Data Encryption (TDE). The pages in a database are encrypted before they are written to disk and decrypted when read into memory. The server-level certificate is stored in the main database. Once the database has been secured, it can be restored by using the correct certification.
Data stored in Azure Notification Hubs is automatically and seamlessly encrypted with keys managed by Azure (service-managed keys). Azure Notification Hubs encryption at rest is automatically enabled and cannot be disabled. This means the data is secured by default, and there is no need for modifications to your code or applications in order to use Azure Notification Hubs encryption.