Control: SQL managed instances should use customer-managed keys to encrypt data at rest
Description
Implementing Transparent Data Encryption (TDE) with your own key provides you with increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.mssql_managed_instance_encryption_at_rest_using_cmk
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.mssql_managed_instance_encryption_at_rest_using_cmk --share
SQL
This control uses a named query:
mssql_managed_instance_encryption_at_rest_using_cmk