Ensure that a Customer-Managed Key (CMK) is created and configured for your Microsoft Azure application tier.
Setting a CMK for database tier, you gain full control over who can use this key to access the database tier data, implementing the principle of least privilege on the encryption key ownership and usage.
Ensure a CMK created and configured for database tier in each region.