Security Center default policy setting “Monitor SQL Encryption” should be enabled

Description

Enable SQL encryption recommendations. When this setting is enabled, Security Center recommends that encryption at rest be enabled for the Azure SQL Database, associated backups, and transaction log files. In the event of a data breach, the encrypted data will not be readable.

Portal Remediation Steps

  • Navigate to Security Center.

  • In the left navigation under Policy & Compliance, select Security policy.

  • Select the subscription or management group.

  • In Security center default policy, select View effective policy.

  • Select the policy assignment > Parameters.

  • Enable the setting “Transparent Data Encryption on SQL databases should be enabled”.

  • Click Review + save.

CLI Remediation Steps

  • Remediation is not possible via the CLI.