diff --git a/website/docs/r/mssql_server_transparent_data_encryption.html.markdown b/website/docs/r/mssql_server_transparent_data_encryption.html.markdown index 0a8df524577b..c8f3271596c6 100644 --- a/website/docs/r/mssql_server_transparent_data_encryption.html.markdown +++ b/website/docs/r/mssql_server_transparent_data_encryption.html.markdown @@ -10,7 +10,7 @@ description: |- Manages the transparent data encryption configuration for a MSSQL Server -!> **IMPORTANT:** This resource should only be used with pre-existing MS SQL Instances that are over 2 years old. For new MS SQL Instances that will be created through the use of the `azurerm_mssql_server` resource, please enable Transparent Data Encryption through `azurerm_mssql_server` resource itself by configuring an [identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server#identity) block. By default all new MS SQL Instances are deployed with System Managed Transparent Data Encryption enabled. +!> **IMPORTANT:** This resource can be used to configure Transparent Data Encryption for MS SQL instances with Customer Managed Keys. For MS SQL instances that are System Managed, it should only be used with pre-existing MS SQL Instances that are over 3 years old. For new System Managed MS SQL Instances that will be created through the use of the `azurerm_mssql_server` resource, please enable Transparent Data Encryption through `azurerm_mssql_server` resource itself by configuring an [identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server#identity) block. By default, all new MS SQL Instances are deployed with System Managed Transparent Data Encryption enabled. ~> **NOTE:** Once transparent data encryption is enabled on a MS SQL instance, it is not possible to remove TDE. You will be able to switch between 'ServiceManaged' and 'CustomerManaged' keys, but will not be able to remove encryption. For safety when this resource is deleted, the TDE mode will automatically be set to 'ServiceManaged'. See `key_vault_uri` for more information on how to specify the key types. As SQL Server only supports a single configuration for encryption settings, this resource will replace the current encryption settings on the server.