
All about Security in SQL Azure DB

Hi All
 
Since this is becoming more and more important for SQL Azure DB, I am writing about 'Security Features in SQL Azure DB'.
 
I will put everything in a list, with links for all features.
1)    Azure SQL Database security guidelines and limitations:
  a) Link: https://azure.microsoft.com/en-us/documentation/articles/sql-database-security-guidelines/.
  b) This link explains: firewall, connection encryption and certificate validation, and some best practices.
2)    Connecting to SQL Database: Best Practices and Design Guidelines:
  a) Link: https://azure.microsoft.com/en-us/documentation/articles/sql-database-connect-central-recommendations/
  b) This link brings a few other links about the FW issue and connection ports.
3)    Connecting to SQL Database By Using Azure Active Directory Authentication
  a) Link: https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/
  b) This link has a few other links on the options for connecting to SQL Azure DB:
    i)  With Password Authentication.
    ii) With Integrated Authentication.
    iii)SQL Authentication (https://azure.microsoft.com/en-us/documentation/articles/sql-database-manage-logins/).
4)    Security Features Within The SQL:
  a) Protect DATA
    i)  TDE - Transparent Data Encryption: https://msdn.microsoft.com/en-us/library/dn948096.aspx. This is encryption at the file level.
    ii) Always Encrypted: https://azure.microsoft.com/en-us/blog/microsoft-azure-sql-database-provides-unparalleled-data-security-in-the-cloud-with-always-encrypted/ & https://msdn.microsoft.com/en-us/library/mt163865.aspx. This is encryption at the field level.
  b) Control Access:
    i)  Azure Active Directory: see 3.a
    ii) Row Level Security: https://azure.microsoft.com/en-us/blog/row-level-security-for-sql-database-is-generally-available/ & https://msdn.microsoft.com/en-us/library/dn765131.aspx
    iii)Dynamic Data Masking: https://azure.microsoft.com/en-us/documentation/articles/sql-database-dynamic-data-masking-get-started-portal/ .
  c) Monitor Activity:
    i) Auditing: https://azure.microsoft.com/en-us/documentation/articles/sql-database-auditing-get-started/ I love this feature….
    ii)Threat Detection: https://azure.microsoft.com/en-us/blog/threat-detection-public-preview/.
5)    Security Features Within The Portal - RBAC - Role-based Access Control:
    i) DBs can be deleted via the portal, so we need to understand the concept of RBAC: https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/ & look for SQL in https://azure.microsoft.com/en-us/documentation/articles/role-based-access-built-in-roles/.
Security Center

Last but not least is the new Security Center. Go into the Portal and open the Security Center:

Now we can see the wrong configurations for each type: VMs, network and DB.

What it suggests now is about the auditing and TDE features: whether we enabled or disabled them.
 
 

 

Very nice feature
 
 
thanks.
 
