Security Center for SQL Server Database Engine and Azure SQL Database

This page provides links to help you locate the information that you need about security and protection in the SQL Server Database Engineand Azure SQL Database.

Note

The capabilities of Azure SQL Database continue to improve. See the most recent version of this topic for the most recent information about SQL Database.

Authentication: Who are you?	Authorization: What can you do?	Encryption: Storing Secret Data	Connection Security: Restricting and Securing	Auditing: Recording Access
Who Authenticates? Where Authenticated? Using Other Identities	Granting, Revoking, and Denying Permissions Security by Roles Restricting Data Access to Selected Data Elements	Encrypting Files Encrypting Sources Column, Data & Key Encryption	Firewall Protection Encrypting Data in Transit	Automated Auditing Custom Audit Compliance

Links to Specific Related Topics

Authentication: Who are you?
Who Authenticates? (Windows or SQL Server)

• Choose an Authentication Mode

Authenticate at the master database (Logins and database users)

• Create a SQL Server Login

• Managing Databases and Logins in Azure SQL Database

• Create a Database User

Authenticate at a user database

• Contained Database Users - Making Your Database Portable

Using Other Identities

• Credentials (Database Engine)

• Execute as Another Login

• Execute as Another Database User

Encryption: Storing Secret Data
Encrypting Files

• BitLocker (Drive Level)

• NTFS Encryption (Folder Level)

• Transparent Data Encryption (File Level)

• Backup Encryption (File Level)

Encrypting Sources

• Extensible Key Management Module

• Keys Stored in the Azure Key Vault

Column, Data and Key Encryption

• Encrypt by Certificate

• Encrypt by Asymmetric Key

• Encrypt by Symmetric Key

• Encrypt by Passphrase

Authorization: What can you do?
Granting, Revoking, and Denying Permissions

• Permissions Hierarchy (Database Engine)

• Permissions

• Securables

Security by Roles

• Server-Level Roles

• Database-Level Roles

Restricting Data Access to Selected Data Elements

• Restrict Data Access Using Views and Procedures

• Row-Level Security

• Dynamic Data Masking

• Signed Objects

Connection Security: Restricting and Securing
Firewall Protection

• Configure a Windows Firewall for Database Engine Access

• Azure SQL Database Firewall Settings

• Azure Service Firewall Settings

Encrypting Data in Transit

• Secure Sockets Layer for the Database Engine

• Secure Sockets Layer for SQL Database

Auditing: Recording Access
Automated Auditing

• SQL Server Audit (Database Engine)

• SQL Database Auditing

Custom Audit Implementation

• Creating DDL Triggers and DML Triggers

Compliance
SQL Server

• Common Criteria

SQL Database

• Microsoft Azure Trust Center: Compliance by Feature

See Also

Securing SQL Server
Principals (Database Engine)
SQL Server Certificates and Asymmetric Keys
SQL Server Encryption
Surface Area Configuration
Strong Passwords
TRUSTWORTHY Database Property
Database Engine Features and Tasks