SQL Database transparent data encryption should be enabled

Description

SQL Database transparent data encryption (TDE) encrypts data at rest, which limits data loss even if access controls are bypassed. For example, if the database instance is misconfigured and an attacker obtains sensitive data, the stolen information might be useless if it is encrypted.

Azure Portal

  • Navigate to SQL Databases.

  • Select the SQL Database and in the left navigation, select Transparent data encryption.

  • In Data encryption, select ON.

  • Click Save.

Azure CLI

  • Enable SQL Database data encryption:

az sql db tde set --resource-group <resourceGroup> --server <dbServerName> --database <dbName> --status Enabled
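
To apply the check across a whole subscription instead of one database at a time, the following added example (not part of the original page) reports the TDE state of every SQL database and optionally enables it with the command above. The function names are illustrative, and it assumes a logged-in Azure CLI.

```shell
#!/bin/sh
# Added example (not from the original page): audit TDE on every Azure SQL
# database in the current subscription; pass "fix" to enable it where it is off.
TAB=$(printf '\t')

# Emit "resourceGroup<TAB>server<TAB>database" for every user database.
# master is skipped: TDE cannot be applied to it in Azure SQL Database.
list_sql_databases() {
  az sql server list --query '[].[resourceGroup, name]' --output tsv </dev/null |
  while IFS="$TAB" read -r rg server; do
    az sql db list --resource-group "$rg" --server "$server" \
       --query "[?name != 'master'].name" --output tsv </dev/null |
    while read -r db; do
      printf '%s\t%s\t%s\n' "$rg" "$server" "$db"
    done
  done
}

# Print the TDE state of one database. Assumption: the property is "state"
# in current CLI releases and "status" in older ones, so both are queried.
tde_state() {
  az sql db tde show --resource-group "$1" --server "$2" --database "$3" \
     --query 'state || status' --output tsv </dev/null
}

# Print PASS/FAIL per database; return 1 if any database was unencrypted.
audit_tde() {
  mode=${1:-report} failed=0
  dbs=$(list_sql_databases)
  while IFS="$TAB" read -r rg server db; do
    [ -n "$db" ] || continue
    state=$(tde_state "$rg" "$server" "$db")
    if [ "$state" = "Enabled" ]; then
      printf 'PASS\t%s/%s/%s\n' "$rg" "$server" "$db"
      continue
    fi
    failed=1
    printf 'FAIL\t%s/%s/%s\tstate=%s\n' "$rg" "$server" "$db" "${state:-unknown}"
    if [ "$mode" = "fix" ]; then
      az sql db tde set --resource-group "$rg" --server "$server" \
         --database "$db" --status Enabled --output none </dev/null
    fi
  done <<EOF
$dbs
EOF
  return "$failed"
}
```

Call `audit_tde` for a report or `audit_tde fix` to remediate; the non-zero return value lets a scheduled job or pipeline fail when an unencrypted database is found.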