Azure-SecurityCenter-Monitor-SQL-Encryption

Severity: Medium

Description: This control ensures that Transparent Data Encryption' is enabled for a threat detection policy on a SQL server. SQL Database transparent data encryption helps protect against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application.

Remediation Steps:

Perform following to update SQL data encryption parameters:

1. Login to Azure Portal using https://portal.azure.com.

2. Go to SQL databases service.

3. Select DB instance to configure Data Encryption.

4. Click on Transparent data encryption under Security section.

5. Set Data encryption to On.

Important:

Reference:

• CIS reference: Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #4.1.2

• Transparent data encryption - Azure SQL Database & Azure SQL Managed Instance & Azure Synapse Analytics