Hi All
Since this is become more and more important for SQL Azure DB I am writing about 'Security Features in SQL Azure DB'.
I will put everything in a list and links for all features.
1) Azure SQL Database security guidelines and limitations:
a) Link: https://azure.microsoft.com/en-us/documentation/articles/sql-database-security-guidelines/.
b) This link explain about: Firewall, Connection encryption and certificate validation, and some best Practices.
2) Connecting to SQL Database: Best Practices and Design Guidelines:
a) Link: https://azure.microsoft.com/en-us/documentation/articles/sql-database-connect-central-recommendations/
b) This link bring few other links of the FW issue and connection Ports.
3) Connecting to SQL Database By Using Azure Active Directory Authentication
a) Link: https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/
b) You have in this link few other links of the options to connect to SQL Azure DB :
i) With Password Authentication.
ii) With Integrated Authentication.
iii)SQL Authentication (https://azure.microsoft.com/en-us/documentation/articles/sql-database-manage-logins/).
4) Security Features Within The SQL:
a) Protect DATA
i)TDE - Transparent Data Encryption: https://msdn.microsoft.com/en-us/library/dn948096.aspx. This is encryption in files level.
ii)Always Encrypted: https://azure.microsoft.com/en-us/blog/microsoft-azure-sql-database-provides-unparalleled-data-security-in-the-cloud-with-always-encrypted/ & https://msdn.microsoft.com/en-us/library/mt163865.aspx . This is encryption in filed level.
b) Control Access:
i) Azure Active Directory: 3.a
ii) Row Level Security: https://azure.microsoft.com/en-us/blog/row-level-security-for-sql-database-is-generally-available/ & https://msdn.microsoft.com/en-us/library/dn765131.aspx
iii)Dynamic Data Masking: https://azure.microsoft.com/en-us/documentation/articles/sql-database-dynamic-data-masking-get-started-portal/ .
c) Monitor Activity:
i) Auditing: https://azure.microsoft.com/en-us/documentation/articles/sql-database-auditing-get-started/ I love this feature….
ii)Threat Detection: https://azure.microsoft.com/en-us/blog/threat-detection-public-preview/.
5) Security Features Within The Portal – RBAC - Role-based Access Control:
i)We can delete DB's via portal – so we need to understand the concept of RBAC: https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/ & look for SQL in https://azure.microsoft.com/en-us/documentation/articles/role-based-access-built-in-roles/.
a) Link: https://azure.microsoft.com/en-us/documentation/articles/sql-database-security-guidelines/.
b) This link explain about: Firewall, Connection encryption and certificate validation, and some best Practices.
2) Connecting to SQL Database: Best Practices and Design Guidelines:
a) Link: https://azure.microsoft.com/en-us/documentation/articles/sql-database-connect-central-recommendations/
b) This link bring few other links of the FW issue and connection Ports.
3) Connecting to SQL Database By Using Azure Active Directory Authentication
a) Link: https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/
b) You have in this link few other links of the options to connect to SQL Azure DB :
i) With Password Authentication.
ii) With Integrated Authentication.
iii)SQL Authentication (https://azure.microsoft.com/en-us/documentation/articles/sql-database-manage-logins/).
4) Security Features Within The SQL:
a) Protect DATA
i)TDE - Transparent Data Encryption: https://msdn.microsoft.com/en-us/library/dn948096.aspx. This is encryption in files level.
ii)Always Encrypted: https://azure.microsoft.com/en-us/blog/microsoft-azure-sql-database-provides-unparalleled-data-security-in-the-cloud-with-always-encrypted/ & https://msdn.microsoft.com/en-us/library/mt163865.aspx . This is encryption in filed level.
b) Control Access:
i) Azure Active Directory: 3.a
ii) Row Level Security: https://azure.microsoft.com/en-us/blog/row-level-security-for-sql-database-is-generally-available/ & https://msdn.microsoft.com/en-us/library/dn765131.aspx
iii)Dynamic Data Masking: https://azure.microsoft.com/en-us/documentation/articles/sql-database-dynamic-data-masking-get-started-portal/ .
c) Monitor Activity:
i) Auditing: https://azure.microsoft.com/en-us/documentation/articles/sql-database-auditing-get-started/ I love this feature….
ii)Threat Detection: https://azure.microsoft.com/en-us/blog/threat-detection-public-preview/.
5) Security Features Within The Portal – RBAC - Role-based Access Control:
i)We can delete DB's via portal – so we need to understand the concept of RBAC: https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/ & look for SQL in https://azure.microsoft.com/en-us/documentation/articles/role-based-access-built-in-roles/.
Security Center
Last and not least is the new Security Center. Insert into the Portal and go to the Security Center:
now we can see the wrong configurations for each type : VM's, network and DB
what the suggest now is the auditing and TDE features - if we enabled or disabled them.
Very nice feature
thanks.
