Azure offers several mechanisms for keeping data private as it moves from one location to another. These mechanisms are described in the following sections.
TLS/SSL encryption in Azure
Data that is moving between cloud services and customers is protected by the Transport Layer Security (TLS) protocol. TLS provides strong authentication, algorithm flexibility, interoperability, message privacy, ease of deployment and use, and integrity (enabling detection of message tampering, interception, and forgery).
Connections between customers' client systems and Microsoft cloud services are also protected by Perfect Forward Secrecy (PFS) using unique keys. With PFS, clients and servers perform a temporary key exchange for each session, so a unique session key is generated for every individual session that a user initiates. Connections also use RSA-based 2,048-bit encryption key lengths. This combination makes...
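An added example, not from the original page: a Python check using only the standard `ssl` module that classifies cipher suites by whether their key exchange is ephemeral, as PFS requires, and builds a client context that offers only such suites. The function names and the cipher string are choices made for this example.

```python
import ssl

def is_forward_secret(name: str, protocol: str) -> bool:
    """True when the suite's key exchange is ephemeral (EC)DHE."""
    if protocol == "TLSv1.3":
        # TLS 1.3 full handshakes always use ephemeral (EC)DHE.
        return True
    # OpenSSL names ("ECDHE-RSA-AES128-GCM-SHA256") and IANA names
    # ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256") carry the key exchange as a token.
    tokens = name.upper().replace("_", "-").split("-")
    return "ECDHE" in tokens or "DHE" in tokens

def suites_without_pfs(ctx: ssl.SSLContext) -> list:
    """Names of suites enabled on ctx whose key exchange is not ephemeral."""
    return [c["name"] for c in ctx.get_ciphers()
            if not is_forward_secret(c["name"], c["protocol"])]

def pfs_only_client_context() -> ssl.SSLContext:
    """Client context that verifies certificates and offers only ephemeral suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Assumption for this example: AEAD suites with ECDHE or DHE key exchange.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")
    return ctx

def negotiated_with_pfs(cipher: tuple) -> bool:
    """Check the (name, protocol, bits) tuple returned by SSLSocket.cipher()."""
    name, protocol, _bits = cipher
    return is_forward_secret(name, protocol)

if __name__ == "__main__":
    default_ctx = ssl.create_default_context()
    print("non-PFS suites, default context:", suites_without_pfs(default_ctx))
    print("non-PFS suites, hardened context:",
          suites_without_pfs(pfs_only_client_context()))
```

After a handshake, pass the connected socket's `cipher()` result to `negotiated_with_pfs` to confirm that the session actually negotiated an ephemeral key exchange.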