Skip to main content

Remediation

From Azure Portalโ€‹

  1. Go to SQL databases.
  2. For each DB instance, under Security, click Data Encryption.
  3. Under Transparent data encryption, set Data encryption to On.
  4. Click Save.

From Azure CLIโ€‹

Use the below command to enable Transparent data encryption for SQL DB instance:

az sql db tde set --resource-group <resourceGroup> --server <dbServerName> --database <dbName> --status Enabled

From PowerShellโ€‹

Use the below command to enable Transparent data encryption for SQL DB instance:

Set-AzSqlDatabaseTransparentDataEncryption -ResourceGroupName <Resource Group Name> -ServerName <SQL Server Name> -DatabaseName <Database Name> -State 'Enabled'

Note:

  • TDE cannot be used to encrypt the logical master database in SQL Database. The master database contains objects that are needed to perform the TDE operations on the user databases.
  • Azure Portal does not show master databases per SQL server. However, CLI/API responses will show master databases.