@Rizwan Ansari Thank you for your question. I personally deal with Azure Web Apps so I can speak to that part of things. I would kindly request you to create a second question with just the azure-sql-database tag so an expert from the SQL team can assist you with that side of things.
In regards to encryption at rest with Azure Web Apps, there is a two part answer.
With an App Service Environment, you have the ability to turn on internal encryption. More on that can be found here.
If you are talking about the multi-tenant web app product, there are a few points to share. Firstly, as of today, locally attached disks on App Service VMs are not encrypted at rest. From a developer perspective, that means anything within "D:\local" when logged into a Kudu console is not encrypted at rest. Overall, customer data is encrypted but devs are urged to be cautious as it's possible to write to D:\local disk, which would not be encrypted. Keep in mind that we are assuming that items like ASP.NET DLLs that are stored on the local drive but we assume developers are not following bad practices such as compiling encryption keys into their binaries. Note that custom container web apps are loaded onto a locally attached disk and it will not be encrypted at rest.
There is work being done to offer encryption at rest as a feature in the future but there is nothing to share at this team regarding features or an ETA.
If you are asking from a compliance perspective, you should consider an App Service Environment or see about requesting an exemption.
If you are asking so that you can sleep better at night, I encourage you to review the Azure Security overview of our datacenters.
Please let me know if you have any further questions about encryption at rest on App Services and I would be happy to answer them.