Azure database security checklist

To help improve security, Azure Database includes many built-in security controls that you can use to limit and control access.

Security controls include:

  • A firewall that enables you to create firewall rules limiting connectivity by IP address,
  • Server-level firewall accessible from the Azure portal
  • Database-level firewall rules accessible from SSMS
  • Secure connectivity to your database using secure connection strings
  • Use access management
  • Data encryption
  • SQL Database auditing
  • SQL Database threat detection

Introduction

Cloud computing requires new security paradigms that are unfamiliar to many application users, database administrators, and programmers. As a result, some organizations are hesitant to implement a cloud infrastructure for data management due to perceived security risks. However, much of this concern can be alleviated through a better understanding of the security features built into Microsoft Azure and Microsoft Azure SQL Database.

Checklist

We recommend that you read the Azure Database Security Best Practices article prior to reviewing this checklist. You'll be able to get the most out of this checklist after you understand the best practices. You can then use this checklist to make sure that you've addressed the important issues in Azure database security.

Checklist Category Description
Protect Data

Encryption in Motion/Transit

Encryption at rest
Control Access

Database Access
  • Authentication (Microsoft Entra authentication) AD authentication uses identities managed by Microsoft Entra ID.
  • Authorization grant users the least privileges necessary.

Application Access
  • Row level Security (Using Security Policy, at the same time restricting row-level access based on a user's identity,role, or execution context).
  • Dynamic Data Masking (Using Permission & Policy, limits sensitive data exposure by masking it to non-privileged users)
Proactive Monitoring

Tracking & Detecting

Microsoft Defender for Cloud
  • Data Monitoring Use Microsoft Defender for Cloud as a centralized security monitoring solution for SQL and other Azure services.

Conclusion

Azure Database is a robust database platform, with a full range of security features that meet many organizational and regulatory compliance requirements. You can easily protect data by controlling the physical access to your data, and using various options for data security at the file-, column-, or row-level with Transparent Data Encryption, Cell-Level Encryption, or Row-Level Security. Always Encrypted also enables operations against encrypted data, simplifying the process of application updates. In turn, access to auditing logs of SQL Database activity provides you with the information you need, allowing you to know how and when data is accessed.

Next steps

You can improve the protection of your database against malicious users or unauthorized access with just a few simple steps. In this tutorial you learn to: