Azure SQL Server is a cloud-based relational database server that supports many of the same features as Microsoft SQL Server. It provides an easy transition from an on-premises database into a cloud-based one with built-in diagnostics, redundancy, security and scalability. This exercise looks at the security recommendations to set Azure SQL Server policies.

Enable auditing

Auditing for Azure SQL Database and SQL Data Warehouse tracks database events and writes them to an audit log in your Azure storage account, OMS workspace or Event Hubs. Auditing also:

• Helps you maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.
• Enables and facilitates adherence to compliance standards, although it doesn't guarantee compliance.

1. In the Azure Portal go to SQL databases.
2. Click+ Add.
3. Create the database with the following settings then clickReview + create and clickCreate:
   • Resource Group: Select myResourceGroup
   • Database name: az500
   • Server:Create new
     • Server Name Give the server a unique name
     • Server admin login: localadmin
     • Password: Pa55w.rd1234
     • Location: EastUS
4. Once the deployment is complete, clickGo to resource.
5. Select Auditing, under theSecurity section.
6. ClickView server settings.
7. SelectOn and check the box next toLog Analytics.
8. Select your Log Analyics workspace created in earlier labs and then clickSave.
9. Exit the Auditing blade.
10. Ensure that Auditing is set to On and check the box next toLog Analytics.
11. Select your Log Analyics workspace created in earlier labs and then clickSave.

Enable a threat detection service

Threat detection for single and pooled databases detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. Threat detection can identify Potential SQL injection, Access from unusual location or data center, Access from unfamiliar principal or potentially harmful application, and Brute force SQL credentials. Threat detection is part of the advanced data security (ADS) offering, which is a unified package for advanced SQL security capabilities. Threat detection can be accessed and managed via the central SQL ADS portal.

1. In the Azure portal go to SQL databases.
2. Under Security, then navigate to Advanced Data Security.
3. ClickSettings.
4. Select Enable Advanced Data Security on the server and clickYes then clickSave.

Enable all threat detection types

Advanced data security (ADS) provides a set of advanced SQL security capabilities, including data discovery & classification, vulnerability assessment, and Advanced Threat Protection (ATP).
Advanced Threat Protection is part of the advanced data security (ADS) offering, which is part of the defense in depth SQL security strategy. Advanced Threat Protection can be accessed and managed via the central SQL ADS portal.

1. In the Azure portal go to SQL databases.
2. Under Security, then navigate to Advanced Data Security.
3. ClickSettings.
4. Ensure that Send alerts is set as appropriate.