Remediation

From Azure Portal

1. Go to SQL databases.
2. For each DB instance, under Security, click Data Encryption.
3. Under Transparent data encryption, set Data encryption to On.
4. Click Save.

From Azure CLI

Use the below command to enable Transparent data encryption for SQL DB instance:

az sql db tde set --resource-group <resourceGroup> --server <dbServerName> --database <dbName> --status Enabled

From PowerShell

Use the below command to enable Transparent data encryption for SQL DB instance:

Set-AzSqlDatabaseTransparentDataEncryption -ResourceGroupName <Resource Group Name> -ServerName <SQL Server Name> -DatabaseName <Database Name> -State 'Enabled'

Note:

• TDE cannot be used to encrypt the logical master database in SQL Database. The master database contains objects that are needed to perform the TDE operations on the user databases.
• Azure Portal does not show master databases per SQL server. However, CLI/API responses will show master databases.