Summary
In this module and throughout the exercises, you got hands-on with many security capabilities and scenarios that are enabled for Azure SQL.
When you're securing Azure SQL, you should first consider your network and identity access, allowing only connections and access from the right places, people, and applications, depending on your organization and infrastructure. Additionally, you can encrypt and mask sensitive data and apply security management tools, such as those available in the Advanced Data Security suite.
In the next module in this learning path, you'll take a look at the performance capabilities and tasks that can help you monitor and tune performance for Azure SQL as it compares to SQL Server. You'll also learn new capabilities in Azure SQL that can help you automate and accelerate performance.
Learn more
You'll find general and detailed guidance on security for Azure SQL in the Azure SQL security documentation and the Azure SQL security best practices playbook.
Video series: Azure SQL for beginners
People learn in different ways. With that in mind, we created a video series related to this learning path with Channel 9 on YouTube. Access all 60+ videos.
Network security
For more information about Private Link, see Azure Private Link for Azure SQL Database and Azure Synapse Analytics.
For more information about the subnet requirements for Azure SQL Managed Instance, see Create a virtual network for Azure SQL Managed Instance.
Your networking environment and configuration can get complex quickly. You'll want to partner with your networking team to ensure that you have the most secure, functional network. A few handy resources include:
- Azure SQL Database and Azure Synapse Analytics network access controls
- Connect your application to Azure SQL Managed Instance
- IP firewall rules for Azure SQL Database
- Data exfiltration prevention
- Virtual network endpoints and rules
Authentication
To learn more about authentication, see:
- Azure SQL security playbook: Authentication
- Configure Microsoft Entra authentication
- Azure role-based access control (RBAC) roles
For information about contained database users in SQL Server and Azure, see Contained database users: Make your database portable.
Data protection
For more information about Azure SQL Transparent Data Encryption (TDE) with Bring Your Own Key (BYOK), see Azure SQL TDE with customer-managed key.
If you're interested in using Azure Key Vault for BYOK, see Tutorial: Getting started with Always Encrypted. This tutorial uses Azure PowerShell or SMSS.
Managing security
For more information about some of the features discussed for managing security, see:
For information about how to query various Azure Monitor logs with Kusto Query Language, see the Overview of Kusto queries.
To learn more about Microsoft Defender for Cloud and how you can use it to monitor and manage your entire Azure estate, see What is Microsoft Defender for Cloud?.