Hoping someone can answer what may be a very simple question.
We are looking to set up Dynamic data masking across our AzureSQL databases based on specific groups, i.e. if you are in specific groups, data will not be masked; otherwise it will be. The release documentation for DDM suggests that AzureAD groups are supported, but all the recent documentation suggests that we need to add specific users and does not refer to groups at all. Surely this cannot be right? Can anyone confirm if it is possible to use AzureAD groups to exclude from DDM in AzureAD?
Also, the documentation states that administrators will be excluded from DDM. While this makes logical sense, it does not define what it means by an Administrator in the context of AzureSQL. Are we talking about the sysadmin role, or other privileged roles? If so, which ones? Is anyone able to bring some clarity to this, please?
Many thanks for your help.
Rob