Ensure that SQL encryption monitoring is enabled in the Microsoft Defender for Cloud security policy, so that Defender for Cloud can check whether Transparent Data Encryption (TDE) is enabled on your Azure SQL databases and flag the ones that are unencrypted.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Microsoft strongly recommends enabling Transparent Data Encryption (TDE) on your Azure SQL databases to protect data at rest against offline access to the underlying storage, for example stolen database or backup files. TDE encrypts the database files, their associated backups, and the transaction log files at rest, and it is transparent to applications, so no application changes are required; it also helps you meet regulatory requirements for encryption at rest. TDE does not protect data in transit or in use and does not replace access control: a principal that is allowed to query the database still sees plaintext. TDE is enabled by default on newly created Azure SQL databases, so the assessment mainly surfaces older databases and databases where encryption was switched off. With SQL encryption monitoring turned on, Microsoft Defender for Cloud evaluates whether encryption at rest is enabled on your SQL databases and raises a recommendation for each database on which Transparent Data Encryption is not enabled.
Audit
To determine whether monitoring of unencrypted SQL databases is enabled in the Microsoft Defender for Cloud security policy, perform the following actions:
Remediation / Resolution
To enable Transparent Data Encryption monitoring and recommendations for your Azure SQL databases, perform the following actions:
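Both the audit and the remediation come down to one setting: the effect of the SQL encryption monitoring policy inside the initiative that Defender for Cloud assigns to the subscription. The following Python script is an added example, not code from the Conformity page or from Microsoft's tooling. It evaluates the JSON that `az policy assignment show` prints for that assignment and builds the corrected parameter set. The assignment name `SecurityCenterBuiltIn`, the parameter name `sqlDbEncryptionMonitoringEffect`, its default value `AuditIfNotExists`, and the sample assignment JSON are assumptions constructed for the example; confirm the parameter name against your initiative with `az policy set-definition show` before relying on it.

```python
"""Audit a Defender for Cloud policy assignment for SQL encryption (TDE) monitoring.

Added example, not code from the Conformity page or from Microsoft. Assumptions
(not stated on the page): the default Defender for Cloud assignment is named
"SecurityCenterBuiltIn", the assigned initiative exposes a parameter named
"sqlDbEncryptionMonitoringEffect", and that parameter is "AuditIfNotExists"
(monitoring on, the initiative default) or "Disabled" (monitoring off).
Intended input: the output of `az policy assignment show --name SecurityCenterBuiltIn`.
"""
import copy
import json

MONITORING_PARAM = "sqlDbEncryptionMonitoringEffect"  # assumed parameter name
DEFAULT_EFFECT = "AuditIfNotExists"                   # assumed initiative default
ENABLED_EFFECT = "AuditIfNotExists"                   # value that turns monitoring on

# Constructed sample shaped like `az policy assignment show` output. The SQL
# encryption parameter has been overridden to "Disabled", which is the
# misconfiguration this rule flags; the other override must be preserved.
SAMPLE_ASSIGNMENT_JSON = json.dumps({
    "name": "SecurityCenterBuiltIn",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000",
    "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/example",
    "parameters": {
        MONITORING_PARAM: {"value": "Disabled"},
        "someOtherMonitoringEffect": {"value": "AuditIfNotExists"},
    },
})


def load_assignment(text):
    """Parse `az policy assignment show` JSON output into a dict."""
    return json.loads(text)


def monitoring_effect(assignment):
    """Return the effective value of the SQL encryption monitoring parameter.

    `parameters` is null or absent when the initiative runs with all defaults,
    and a parameter that is not overridden inherits the initiative default.
    Both cases mean monitoring is on, so they resolve to DEFAULT_EFFECT.
    """
    params = assignment.get("parameters") or {}
    entry = params.get(MONITORING_PARAM) or {}
    value = entry.get("value")
    return value if value else DEFAULT_EFFECT


def is_monitoring_enabled(assignment):
    """True unless the effect has been explicitly set to Disabled (any case)."""
    return monitoring_effect(assignment).lower() != "disabled"


def remediated_parameters(assignment):
    """Copy of the assignment parameters with SQL encryption monitoring turned
    back on and every other override left untouched. This is the JSON to pass
    as --params when re-assigning the initiative to the same scope."""
    params = copy.deepcopy(assignment.get("parameters") or {})
    params[MONITORING_PARAM] = {"value": ENABLED_EFFECT}
    return params


def audit(assignments):
    """Evaluate a list of assignment dicts and return one finding per assignment."""
    findings = []
    for a in assignments:
        findings.append({
            "assignment": a.get("name"),
            "scope": a.get("scope"),
            "effect": monitoring_effect(a),
            "status": "PASS" if is_monitoring_enabled(a) else "FAIL",
        })
    return findings


if __name__ == "__main__":
    assignment = load_assignment(SAMPLE_ASSIGNMENT_JSON)
    for f in audit([assignment]):
        print(f"{f['status']}: {f['assignment']} at {f['scope']} (effect={f['effect']})")
    if not is_monitoring_enabled(assignment):
        print("Remediation --params:")
        print(json.dumps(remediated_parameters(assignment), indent=2))
```

Run it against the real output of `az policy assignment show --name SecurityCenterBuiltIn` after `az login`, once per subscription. A `FAIL` means the override must be removed or set back to `AuditIfNotExists`, for example by passing the printed JSON as `--params` to `az policy assignment create` for the same initiative and scope, or by re-enabling the policy in the security policy settings of the portal. Treating a missing parameter as enabled is deliberate: only an explicit `Disabled` switches the assessment off.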