Ensure that Transparent Data Encryption (TDE), also known as encryption at rest, is enabled for all SQL databases in your Microsoft Azure cloud account to protect your data at rest.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Transparent Data Encryption (TDE) helps protect Azure SQL databases against the threat of malicious activity by encrypting data at rest. It performs real-time encryption and decryption of the database, its associated backups and its transaction log files stored at rest, without requiring changes to your database application. The feature encrypts the storage of an entire SQL database with a symmetric key called the database encryption key. This database encryption key is in turn protected by the TDE protector, which is either a service-managed certificate or a customer-managed key (Bring Your Own Key, BYOK) stored in the Azure Key Vault service.
To determine if encryption at rest is enabled for all your Azure SQL databases, perform the following actions:
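One way to run this audit with the Azure CLI, as an added example that is not part of the original page or of the Conformity tool. It assumes `az` is installed and logged in; the resource group and server names are supplied by the caller, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the TDE state of every user database on one Azure SQL server.
# Assumes the Azure CLI (az) is installed and logged in to the right subscription.

# List database names on a server. The logical "master" database is skipped
# because TDE cannot be configured on it.
list_user_dbs() {
  az sql db list --resource-group "$1" --server "$2" \
    --query "[?name!='master'].name" --output tsv </dev/null
}

# Print the TDE state ("Enabled" or "Disabled") of one database. Recent CLI
# versions name the field "state", older ones "status"; the query accepts either.
tde_state() {
  az sql db tde show --resource-group "$1" --server "$2" --database "$3" \
    --query "state || status" --output tsv </dev/null
}

# Print PASS/FAIL per database. Returns 0 if all are encrypted, 1 if any is
# not (or its state could not be read), 2 if the server could not be listed.
audit_server() {
  rg=$1 server=$2 failed=0
  dbs=$(list_user_dbs "$rg" "$server") || return 2
  while IFS= read -r db; do
    [ -n "$db" ] || continue
    state=$(tde_state "$rg" "$server" "$db") || state=""
    if [ "$state" = "Enabled" ]; then
      echo "PASS $db"
    else
      echo "FAIL $db (${state:-unknown})"
      failed=1
    fi
  done <<EOF
$dbs
EOF
  return "$failed"
}

# Usage: sh tde_audit.sh <resource-group> <sql-server-name>
if [ "$#" -ge 2 ]; then
  audit_server "$1" "$2"
fi
```

The non-zero exit code on any `FAIL` line lets the script gate a scheduled job or pipeline step; run it once per SQL server in the subscription.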
Remediation / Resolution
To enable Transparent Data Encryption (TDE) for your Microsoft Azure SQL databases (including their backups and transaction log files), perform the following actions:
You are auditing:
Enable Transparent Data Encryption for SQL Databases
Risk level: Medium