Classify your SQL Database

• Sign-in to the Azure portal.
• Under the Security heading in the Azure SQL Database pane, navigate to Advanced Data Security, and select to enable advanced data security.
• Select the Data discovery and classification (preview) card.

Note: depending on when you work on this exercise, the preview status might be removed.

• Review the Overview tab. Notice that it includes a summary of the current classification state of the database, including a detailed list of all classified columns. You can also filter this view to only see specific schema parts, information types, and labels.
  
  Note: The next two steps assume you have classified data to export. If you don’t, just review the steps.

• To download a report in Excel format, in the top menu of the window select Export.
  

• To begin classifying your data, select the Classification tab at the top of the window.
  
  The classification engine scans your database for columns containing potentially sensitive data and provides a list of recommended column classifications.

• To view and apply classification recommendations:

• View the list. To view the list of recommended column classifications, select the recommendations panel at the bottom of the window.

• Accept recommendations. To accept a recommendation for a specific column, select the check boxes in the left column of the relevant rows. You can also mark all recommendations as accepted by selecting the check box in the recommendations table header.
  

• To apply the selected recommendations, select the blue Accept selected recommendations button.
  a) To manually classify columns as an alternative to or in addition to the recommendation-based classification, in the top menu of the window, select Add classification.
  
  b) In the Add classification blade, configure the five fields that display, and then select Add classification:

• Schema name

• Table name

• Column name

• Information type

• Sensitivity label.
  

• To complete your classification and persistently label (tag) the database columns with the new classification metadata, in the top menu of the window, select Save.

Monitor access to sensitive data
An important aspect of the IP paradigm is the ability to monitor access to sensitive data. Azure SQL Database Auditing has been enhanced to include a new field in the audit log. The data_sensitivity_information field logs the sensitivity classifications (labels) of the actual data that was returned by the query.