Secure data in Azure SQL Database with authentication, authorization, and encryption
Published date: October 14, 2015
Azure SQL Database offers a set of built-in features to help secure your data from malicious and unauthorized users. You can choose from a portfolio of simple-to-implement features that help you protect your data and build more secure applications within Azure. New features include:
- SQL Database support for Azure Active Directory (Azure AD) authentication: Azure AD authentication is a mechanism for connecting to SQL Database by using identities in Azure AD for managed and federated domains. It is now available in public preview. With Azure AD authentication, you can manage the identities of database users and other Microsoft services in one central location.
- Row-Level Security: Row-Level Security is now generally available. It allows you to restrict access to rows of data based on a user’s identity, role memberships, or query execution context. It centralizes your access logic within the database, which simplifies your application code and reduces the risk of accidental data disclosure. Row-Level Security supports filter predicates (which restrict row-level read access) and block predicates (which restrict row-level write access). Note: Block predicates are now in public preview.
- Dynamic data masking: Dynamic data masking limits sensitive data exposure by masking it to nonprivileged users. Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal, with minimal impact on the application layer. It operates by hiding the sensitive data in the result set of a query over designated database fields, while leaving the underlying database operations unaffected.
- Transparent data encryption: Transparent data encryption is now generally available. It helps you meet compliance requirements by encrypting your databases, associated backups, and transaction log files at rest without requiring changes to your applications. It is based on SQL Server transparent data encryption technology, which encrypts the storage of an entire database by using an industry standard AES-256 symmetric database encryption key. SQL Database protects this database encryption key with a service-managed certificate. All key management for database copying, geo-replication, and database restores anywhere in SQL Database is handled by the service. To enable it on your database, in the Azure preview portal, click ON, and then click Save.
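
The filter and block predicates described in the Row-Level Security item, as an added T-SQL example that is not part of the original announcement. The table, users, role, schema, function and policy names are hypothetical, and the rows are constructed sample data.

```sql
-- Added example; every object name is hypothetical. GO is the sqlcmd/SSMS batch separator.
CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY PRIMARY KEY,
    SalesRep sysname NOT NULL,  -- database user that owns the row
    Amount   money   NOT NULL
);
CREATE USER rep_alice WITHOUT LOGIN;
CREATE USER rep_bob   WITHOUT LOGIN;
CREATE USER mgr_carol WITHOUT LOGIN;
CREATE ROLE SalesManagers;
ALTER ROLE SalesManagers ADD MEMBER mgr_carol;
GRANT SELECT, INSERT, UPDATE ON dbo.Orders TO rep_alice, rep_bob, SalesManagers;
-- Constructed sample rows, loaded before the policy exists: once it is ON,
-- the predicates apply to dbo as well, and dbo satisfies neither condition.
INSERT INTO dbo.Orders (SalesRep, Amount)
VALUES ('rep_alice', 100), ('rep_bob', 250);
GO
CREATE SCHEMA rls;
GO
-- Predicate: an inline table-valued function that returns a row when access is allowed.
CREATE FUNCTION rls.fn_order_access (@SalesRep AS sysname)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS allowed
    WHERE @SalesRep = USER_NAME()           -- user identity
       OR IS_MEMBER('SalesManagers') = 1;   -- role membership
GO
-- Filter predicate limits the rows that can be read; block predicates reject
-- writes that would leave a row the caller is not allowed to own.
CREATE SECURITY POLICY rls.OrdersPolicy
    ADD FILTER PREDICATE rls.fn_order_access(SalesRep) ON dbo.Orders,
    ADD BLOCK  PREDICATE rls.fn_order_access(SalesRep) ON dbo.Orders AFTER INSERT,
    ADD BLOCK  PREDICATE rls.fn_order_access(SalesRep) ON dbo.Orders AFTER UPDATE
    WITH (STATE = ON);
GO
EXECUTE AS USER = 'rep_alice';
SELECT OrderId, SalesRep, Amount FROM dbo.Orders;  -- returns only the rep_alice row
INSERT INTO dbo.Orders (SalesRep, Amount)
VALUES ('rep_bob', 999);                           -- rejected by the AFTER INSERT block predicate
REVERT;
GO
EXECUTE AS USER = 'mgr_carol';
SELECT OrderId, SalesRep, Amount FROM dbo.Orders;  -- returns both rows via role membership
REVERT;
```

Without the block predicates, the filter alone would still let rep_alice insert a row attributed to rep_bob that she could not then read back.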