Open In App

Microsoft Azure – Security Capabilities and Tasks of Azure SQL

Improve
Improve
Like Article
Like
Save
Share
Report

In this article, we are going to dive into the security module of Azure SQL. The way we’re going to approach this module is by looking at security capabilities and tasks. 

At a high level, if we look at some of the capabilities that are available in Azure SQL, you’re going to see a lot of overlap with capabilities you’re familiar with in SQL Server on-premises. 

Security capabilities:

Following are the security capabilities of Azure SQL:

  • Active Directory Authentication
  • Azure RBAC and locks
  • Auditing
  • Data encryption
  • Dynamic Data Masking
  • Advanced Data Security

In addition to that, after each capability, we’re going to try to talk about how Azure recommends you to set up and configure these things as tasks whether it’s your network security, your data protection, or monitoring. 

Security Tasks:

Following are the security tasks that need to be set up for security in Azure SQL:

  • Setup and configure network Security
  • Setup and configure Data protection
  • Setup and configure authentication and authorization
  • Monitoring Security

If you think about Azure SQL, it has to be enterprise-class security just like SQL Server.  As mentioned earlier, we’d have capabilities and give the users the ability to do tasks that meet their security needs.

This module has four major areas as listed below:

Network Security:

  • VNET
  • Firewall Rules,NSG
  • Private Link

Identity and Access:

  • Authentication options: Azure AD, SQL Auth, Windows Auth
  • Azure RBAC
  • Roles and Permissions
  • Row-level security

Data Protection:

  • Encryption-in-use(Always Encrypted)
  • Encryption-at-rest(TDE)
  • Encryption-in-flight(TLS)
  • User-managed keys
  • Dynamic Data Masking

Security Management:

  • Advanced Threat Detection
  • SQL Audit
  • Audit Integration with Log Analytics and Event Hubs
  • Vulnerability Assessment
  • Data Discovery and Classification
  • Azure Security Center

This includes network security, for things like the private link or maybe identity and access to do Active Directory authentication into your Azure SQL database. Or it can be data protection, for the different encryption options and even things like Dynamic Data Masking. 

Then finally, you need to manage this whole thing. It has various aspects of Azure SQL security management, things you’re familiar with, like auditing, but also new capabilities, things like Advanced Threat Protection. So you’ve seen the overview of Azure SQL security. 


Last Updated : 31 Mar, 2023
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads