We are a small business that host applications and data for clients. Some of our clients are requesting we protect their data with 'encryption at rest' - although it's never very clear if they know what this really means.
The data is currently on an Azure VM running SQL Server Standard.
One option is for us to use TDE but this is only available in SQL Enterprise and the extra licencing cost would be a considerable for us.
The other is to use Azure Disk Encryption on the existing SQL Standard VM for free.
Is there much practical difference in the outcome between using TDE and Disk Encryption when it comes to reassuring the client that their data is encrypted at rest.
What differences should I be considering?