You can back up Azure SQL databases that use Transparent Data Encryption (TDE) with customer-managed keys (CMK) configured at the database level.
To enable backups for such databases, you must ensure that the cloud account used for authentication has the appropriate permission to access the encryption key.
Procedure
- Identify the cloud account authentication type used for Azure SQL backups, which can be:
  - Managed Identity
  - Azure Active Directory (AD) Application
- Assign the following permission at the subscription level for the selected authentication type:
  Microsoft.ManagedIdentity/userAssignedIdentities/assign/action
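After the permission is assigned, you can confirm that it is effective at the subscription scope and not masked by a NotActions entry or granted only on a resource group. The following check is an added example, not part of the product documentation; the role names, subscription ID, and JSON are constructed, and the field names assume the output shape of `az role definition list` and `az role assignment list`.

```python
import re

REQUIRED = "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed ID

def matches(pattern, action):
    # Azure RBAC patterns may contain '*'; matched case-insensitively (assumption).
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def role_grants(role, action=REQUIRED):
    # Effective permission per block = actions minus notActions.
    for block in role.get("permissions", []):
        allowed = any(matches(p, action) for p in block.get("actions", []))
        denied = any(matches(p, action) for p in block.get("notActions", []))
        if allowed and not denied:
            return True
    return False

def granting_assignments(assignments, roles, subscription_scope=SUB):
    # Keep assignments made at the subscription scope itself, as the procedure
    # requires, whose role grants the action. Assignments inherited from a
    # management group are not considered by this check.
    by_name = {r["roleName"]: r for r in roles}
    hits = []
    for a in assignments:
        at_sub = a["scope"].rstrip("/").lower() == subscription_scope.lower()
        role = by_name.get(a["roleDefinitionName"])
        if at_sub and role and role_grants(role):
            hits.append(a["roleDefinitionName"])
    return hits

# Constructed sample data for the backup identity.
ROLES = [
    {"roleName": "sql-backup-assign-identity",
     "permissions": [{"actions": [REQUIRED], "notActions": []}]},
    {"roleName": "Reader",
     "permissions": [{"actions": ["*/read"], "notActions": []}]},
    {"roleName": "identity-ops-restricted", "permissions": [{
        "actions": ["Microsoft.ManagedIdentity/*"],
        "notActions": ["Microsoft.ManagedIdentity/userAssignedIdentities/*/action"]}]},
]
WRONG_SCOPE = [
    {"roleDefinitionName": "sql-backup-assign-identity", "scope": SUB + "/resourceGroups/rg-sql"},
    {"roleDefinitionName": "Reader", "scope": SUB},
]
FIXED = WRONG_SCOPE + [{"roleDefinitionName": "sql-backup-assign-identity", "scope": SUB}]

if __name__ == "__main__":
    print("before:", granting_assignments(WRONG_SCOPE, ROLES))
    print("after: ", granting_assignments(FIXED, ROLES))
```

An empty result means the backup identity holds no subscription-level role that grants the required action.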