# Data protection
<a name="data-protection"></a>

 Microsoft workloads often handle sensitive enterprise data that requires protection through encryption, access controls, and secure data handling practices. This focus area explores how to implement comprehensive data protection strategies that secure data at rest, in transit, and in use, while using both Microsoft and AWS security capabilities. 


|  MSFTSEC03: How do you protect your Microsoft workload data?  | 
| --- | 
|   | 

 Whether using Microsoft SQL Server or other solutions, it's best practice to encrypt data both at rest and in transit, employing multiple encryption mechanisms to meet internal and external security requirements. 

**Topics**
+ [MSFTSEC03-BP01 Encrypt data stored in Microsoft workloads](msftsec03-bp01.md)
+ [MSFTSEC03-BP02 Enable Always Encrypted feature for SQL Server](msftsec03-bp02.md)
+ [MSFTSEC03-BP03 Use Trusted Platform Module (TPM) technology for hardware-based security on your instances](msftsec03-bp03.md)