Dynamic Data Masking (DDM) is now generally available for Azure SQL Database v12. DDM limits sensitive data exposure by masking it to non-privileged users.
Dynamic Data Masking provides a mechanism to limit access to sensitive data by controlling how the data appears in the output of database queries. Masking rules can be defined on particular columns, indicating how the data in those columns will appear when queried. There are no physical changes to the data in the database—the data remains intact and is fully available to authorized users or applications. Database operations remain unaffected, so DDM can be applied without making any changes to database procedures or application code.
To enable DDM for sensitive fields in your database in the Azure preview portal
, select the relevant fields and designate the masking function you would like to apply. To help you discover potentially sensitive data to mask, the portal offers masking recommendations, which are fields that can be enabled for masking in a single click.
For more information about DDM, see Get started with SQL Database Dynamic Data Masking