Microsoft Azure – Security Capabilities and Tasks of Azure SQL
In this article, we are going to dive into the security module of Azure SQL. The way we’re going to approach this module is by looking at security capabilities and tasks.
At a high level, if we look at some of the capabilities that are available in Azure SQL, you’re going to see a lot of overlap with capabilities you’re familiar with in SQL Server on-premises.
Following are the security capabilities of Azure SQL:
- Active Directory Authentication
- Azure RBAC and locks
- Data encryption
- Dynamic Data Masking
- Advanced Data Security
In addition, after each capability, we’re going to talk about how Azure recommends setting up and configuring these things as tasks, whether for your network security, your data protection, or monitoring.
Following are the security tasks that need to be set up for security in Azure SQL:
- Set up and configure network security
- Set up and configure data protection
- Set up and configure authentication and authorization
- Monitoring Security
Azure SQL has to provide enterprise-class security, just like SQL Server. As mentioned earlier, it offers capabilities and gives users the ability to perform tasks that meet their security needs.
This module has four major areas as listed below:
Network Security:
- Firewall Rules, NSG
- Private Link
Identity and Access:
- Authentication options: Azure AD, SQL Auth, Windows Auth
- Azure RBAC
- Roles and Permissions
- Row-level security
Data Protection:
- Encryption-in-use (Always Encrypted)
- User-managed keys
- Dynamic Data Masking
Security Management:
- Advanced Threat Detection
- SQL Audit
- Audit Integration with Log Analytics and Event Hubs
- Vulnerability Assessment
- Data Discovery and Classification
- Azure Security Center
These areas cover network security, with things like Private Link; identity and access, such as Active Directory authentication into your Azure SQL database; and data protection, with the different encryption options and even things like Dynamic Data Masking.
Finally, you need to manage this whole thing. Azure SQL security management has various aspects: things you’re familiar with, like auditing, but also new capabilities, like Advanced Threat Protection. That completes the overview of Azure SQL security.