Azure-SecurityCenter-Monitor-SQL-Encryption

Severity: Medium

Description: This control ensures that Transparent Data Encryption' is enabled for a threat detection policy on a SQL server. SQL Database transparent data encryption helps protect against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application.

Remediation Steps:

Perform following to update SQL data encryption parameters:

1. Login to Azure Portal using https://portal.azure.com.

2. Go to SQL databases service.

3. Select DB instance to configure Data Encryption.

4. Click on Transparent data encryption under Security section.

5. Set Data encryption to On.

Important:

Reference:

• CIS reference: Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #4.1.2

• https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption-with-azure-sql-database