diff --git a/examples/database/postgresqlserver.yaml b/examples/database/postgresqlserver.yaml
index fe4edea4..bfd304e9 100644
--- a/examples/database/postgresqlserver.yaml
+++ b/examples/database/postgresqlserver.yaml
@@ -11,8 +11,8 @@ spec:
     resourceGroupNameRef:
       name: example-rg
     location: West US 2
-    minimalTlsVersion: TLS12
-    sslEnforcement: Disabled
+    minimalTlsVersion: TLS1_2
+    sslEnforcement: Enabled
     version: "9.6"
     sku:
       # Note that Basic servers do not support virtual network rules
diff --git a/pkg/clients/database/mysql.go b/pkg/clients/database/mysql.go
index a03e3724..5a4fd899 100644
--- a/pkg/clients/database/mysql.go
+++ b/pkg/clients/database/mysql.go
@@ -338,7 +338,7 @@ func IsMySQLUpToDate(p azuredbv1beta1.SQLServerParameters, in mysql.Server) bool
 		return false
 	}
 	switch {
-	case p.MinimalTLSVersion != string(in.MinimalTLSVersion):
+	case p.MinimalTLSVersion != string(in.MinimalTLSVersion) && p.SSLEnforcement != string(mysql.SslEnforcementEnumDisabled):
 		return false
 	case p.SSLEnforcement != string(in.SslEnforcement):
 		return false
diff --git a/pkg/clients/database/postgresql.go b/pkg/clients/database/postgresql.go
index d620349b..53642e99 100644
--- a/pkg/clients/database/postgresql.go
+++ b/pkg/clients/database/postgresql.go
@@ -331,7 +331,7 @@ func IsPostgreSQLUpToDate(p azuredbv1beta1.SQLServerParameters, in postgresql.Se
 		return false
 	}
 	switch {
-	case p.MinimalTLSVersion != string(in.MinimalTLSVersion):
+	case p.MinimalTLSVersion != string(in.MinimalTLSVersion) && p.SSLEnforcement != string(postgresql.SslEnforcementEnumDisabled):
 		return false
 	case p.SSLEnforcement != string(in.SslEnforcement):
 		return false