AZ-021 Microsoft Azure

Transparent Data Encryption (TDE) is enabled.

Domain: Microsoft Azure
Area: Database (SQL)
Automated / manual: Automated

Risk if it fails

Unencrypted DB files expose all rows.

TDE encrypts the database files on disk. Without it, a stolen backup or disk image gives the attacker every row in plain, readable form.

How Tess tests it

1 test — each concludes only on cited evidence.

Transparent Data Encryption (TDE) is enabled.

Automated
Procedure
Confirm TDE status=Enabled on each database.

Read-only command

az sql db tde show --resource-group <rg> --server <server> --database <db> 2>/dev/null
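
The command above checks one database, while the procedure asks for each database. The following added example (not part of Tess or of the original page) lists every database on a server and records its TDE state, counting a failed query as UNKNOWN rather than as a pass. The function names are hypothetical, and it assumes the CLI reports the value as either "state" or "status" depending on its version.

```shell
#!/bin/sh
# Added example: report every user database on one server whose TDE is not
# confirmed as Enabled. Requires an authenticated Azure CLI ("az login").

# Print the TDE state of one database, or UNKNOWN if the query fails.
# Assumption: the property is named "state" or "status" depending on the
# CLI version, so the JMESPath query asks for whichever is present.
# Usage: tde_state <rg> <server> <db>
tde_state() {
  tde_out=$(az sql db tde show --resource-group "$1" --server "$2" \
      --database "$3" --query "state || status" --output tsv \
      2>/dev/null </dev/null) || tde_out=""
  printf '%s\n' "${tde_out:-UNKNOWN}"
}

# Print one "db<TAB>state" evidence line per database.
# Returns 0 if all are Enabled, 1 if any is not, 2 if listing failed.
# Usage: check_server_tde <rg> <server>
check_server_tde() {
  tde_failed=0
  tde_dbs=$(az sql db list --resource-group "$1" --server "$2" \
      --query "[].name" --output tsv </dev/null) || return 2
  while IFS= read -r tde_db; do
    [ -n "$tde_db" ] || continue
    # TDE does not apply to the logical master database; skip it.
    [ "$tde_db" = "master" ] && continue
    tde_result=$(tde_state "$1" "$2" "$tde_db")
    printf '%s\t%s\n' "$tde_db" "$tde_result"
    [ "$tde_result" = "Enabled" ] || tde_failed=1
  done <<EOF
$tde_dbs
EOF
  return "$tde_failed"
}

# Run only when invoked as: ./check_tde.sh <rg> <server>
if [ "$#" -eq 2 ]; then
  check_server_tde "$1" "$2"
fi
```

A non-zero exit status means at least one database lacks evidence of TDE being enabled; the printed lines show which.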
