Ensure that the "Monitor SQL Encryption" feature is enabled within your Microsoft Azure cloud account settings so that Azure Security Center can verify whether your SQL database servers have encryption enabled.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Azure Security Center strongly recommends that you enable Transparent Data Encryption (TDE) on your Azure SQL servers in order to safeguard your data in the event of a data breach. TDE protects your data and helps you meet regulatory compliance by encrypting your SQL databases, their associated backups, and transaction log files at rest, without having to change your application. With SQL encryption monitoring turned on, Azure Security Center can determine whether encryption at rest is enabled for your Azure SQL databases. If Transparent Data Encryption is not already enabled, the Security Center service recommends that you enable it.
Audit
To determine if SQL encryption monitoring is enabled within Azure Security Center, perform the following actions:
Remediation / Resolution
To enable SQL encryption monitoring and recommendations for Azure SQL database servers, perform the following actions:
You are auditing:
Enable SQL Encryption Monitoring
Risk level: Medium