SQL Database – Enable Database Encryption

This check ensures that Transparent Data Encryption (TDE) is enabled for Azure SQL Databases. TDE protects data at rest by automatically encrypting database files, backups, and transaction logs using industry-standard encryption mechanisms.

Check Details

  • Resource: SQL Server / SQL Database
  • Check: Ensure SQL Databases Are Encrypted
  • Risk: Unencrypted SQL databases may expose sensitive data at rest, leading to data breaches and compliance violations.

Remediation via Azure Portal

  1. Log in to the Azure Portal.
  2. Navigate to Azure SQL Database.
  3. Under SQL databases, choose the affected database.
  4. In the left-hand menu, select Data encryption under Security.
  5. Ensure Data Encryption is set to Enabled.
  6. Click Save to apply the configuration.

Remediation via Azure CLI

  1. Open Azure Cloud Shell or a local terminal with Azure CLI installed.
  2. Enable Transparent Data Encryption for the SQL database:
    az sql db tde set \
     --resource-group <resource-group> \
     --server <sql-server-name> \
     --database <database-name> \
     --status Enabled
    
  3. Verify the encryption status:
    az sql db tde show \
     --resource-group <resource-group> \
     --server <sql-server-name> \
     --database <database-name>
    

Replace <resource-group>, <sql-server-name>, and <database-name> with your actual values.
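
The verification step above checks one database at a time. The following added example (not part of the original article) runs the same check across every database on a server and returns a non-zero exit code if any is not encrypted. The function name `audit_tde` is hypothetical, and the script assumes the encryption state appears in the `tde show` output under `state` or `status`, depending on the CLI version.

```shell
#!/bin/sh
# Added example: audit TDE on every database of one logical SQL server.
# Usage: audit_tde <resource-group> <sql-server-name>
# Prints one "<database> <state>" line per database.
# Returns 0 if all are Enabled, 1 if any is not, 2 if listing fails.
audit_tde() {
    rg=$1; server=$2; failed=0

    # The master database is skipped: TDE cannot be applied to
    # system databases in Azure SQL Database.
    dbs=$(az sql db list --resource-group "$rg" --server "$server" \
            --query "[?name!='master'].name" --output tsv) || return 2

    # Read names line by line so a database name containing spaces
    # is not split into several words.
    while IFS= read -r db; do
        [ -n "$db" ] || continue
        # Assumption: the field is "state" in newer CLI releases and
        # "status" in older ones; the JMESPath query accepts either.
        state=$(az sql db tde show --resource-group "$rg" \
                  --server "$server" --database "$db" \
                  --query "state || status" --output tsv \
                  </dev/null 2>/dev/null)
        # A failed or empty lookup is reported, never treated as a pass.
        [ -n "$state" ] || state=Unknown
        printf '%s %s\n' "$db" "$state"
        [ "$state" = "Enabled" ] || failed=1
    done <<EOF
$dbs
EOF
    return "$failed"
}
```

Because the exit code reflects the result, the function can gate a scheduled job or pipeline stage and alert when a new database is created without encryption.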