Azure Synapse encrypts data at rest by default using Microsoft-managed keys, however it is recommended that another layer of encryption is added. A customer managed key can be used to encrypt content within SQL pools for additional protection. For more information on Azure Synapse encryption, see the Azure documentation.
References:
https://learn.microsoft.com/en-us/azure/synapse-analytics/security/workspaces-encryption
In Azure Console -
In Terraform -
References:
https://learn.microsoft.com/en-us/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-encryption-tde
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_sql_pool