![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 84%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Azure Database for MySQL
An Azure managed MySQL database service for app development and deployment.
714 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 95%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
The server security is a shared responsibility between Azure and the customer. Hereunder are some insights can help you securing the server data against any unintentional deletion or drop.
- Make sure to remove 0.0.0.0 from the server firewall and restrict the connections to only trusted clients. For more information check out Azure MySQL documentation:
https://learn.microsoft.com/en-us/azure/mysql/concepts-security
Also, you can improve the connectivity security by using private endpoints, More details can be found at Microsoft Tech Community blogs:
Securing Connectivity to Azure Database for MySQL - Microsoft Tech Community - https://techcommunity.microsoft.com/t5/azure-database-for-mysql-blog/securing-connectivity-to-azure-database-for-mysql/ba-p/783076
Connectivity and network security improvements for Azure Database for MySQL - Microsoft Tech Community - https://techcommunity.microsoft.com/t5/azure-database-for-mysql-blog/connectivity-and-network-security-improvements-for-azure/ba-p/1231180
- Enable Audit, and make sure to have audit event.
audit_log_events: controls the events to be logged. See below table for specific audit events. For example:-
Event Description
CONNECTION - Connection initiation (successful or unsuccessful)
DML DML = DML_SELECT + DML_NONSELECT
DDL Queries like "DROP DATABASE"
More information can be found at references:
https://learn.microsoft.com/en-us/azure/mysql/concepts-audit-logs
https://learn.microsoft.com/en-us/azure/mysql/howto-configure-audit-logs-portal
- tighten the user access and privileges. work with DBA to create different users than the database admin with less privileges,
you can refer to the document: Create databases and users - Azure Database for MySQL | Microsoft Learn
https://learn.microsoft.com/en-us/azure/mysql/howto-create-users?tabs=single-server
You can find more information and best practices to securing the azure server for MySQL at:
Azure security baseline for Azure Database for MySQL | Microsoft Learn - https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/mysql-security-baseline
App development best practices - Azure Database for MySQL | Microsoft Learn - https://learn.microsoft.com/en-us/azure/mysql/app-development-best-practices
We do sincerely understand the inconvenience might be caused by such incident, nonetheless We do assure that applying the best practices will allow you to prevent, audit, monitor and control such incidents in the future.
Hope this helps!