A DP-203 scenario requires encrypting data in an Azure Synapse dedicated SQL pool using a key stored in a customer-managed Azure Key Vault. Which TDE setting must be configured?
-
A
Enable TDE with the service-managed key, then rotate to a customer key
-
B
Set TDE Protector to the customer-managed key from Key Vault
-
C
Enable Always Encrypted with the Key Vault key as the column master key
-
D
Configure Bring Your Own Key (BYOK) in the Synapse workspace Advanced Settings