DEV Community

Eng Soon Cheah

Create an Azure SQL Database baseline

Azure SQL Server is a cloud-based relational database server that supports many of the same features as Microsoft SQL Server. It provides an easy transition from an on-premises database into a cloud-based one with built-in diagnostics, redundancy, security and scalability. This exercise looks at the security recommendations to set Azure SQL Server policies.

Enable auditing

Auditing for Azure SQL Database and SQL Data Warehouse tracks database events and writes them to an audit log in your Azure storage account, OMS workspace or Event Hubs. Auditing also:

  • Helps you maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.
  • Enables and facilitates adherence to compliance standards, although it doesn't guarantee compliance.

  1. In the Azure portal go to SQL databases.
  2. Click + Add.
  3. Create the database with the following settings then click Review + create and click Create:
    • Resource Group: Select myResourceGroup
    • Database name: az500
    • Server: Create new
      • Server name: Give the server a unique name
      • Server admin login: localadmin
      • Password: Pa55w.rd1234
      • Location: EastUS
  4. Once the deployment is complete, click Go to resource.
  5. Select Auditing, under the Security section.
  6. Click View server settings.
  7. Select On and check the box next to Log Analytics.
  8. Select your Log Analytics workspace created in earlier labs and then click Save.
  9. Exit the Auditing blade.
  10. Ensure that Auditing is set to On and check the box next to Log Analytics.
  11. Select your Log Analytics workspace created in earlier labs and then click Save.
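
The server-level and database-level settings from the steps above can be checked against the baseline from exported policy JSON. This is an added example, not code from the original post; it assumes the field names returned by `az sql server audit-policy show` and `az sql db audit-policy show`, and the workspace ID and sample policies are constructed placeholders.

```python
import json

# Placeholder workspace resource ID (constructed, not from the page).
WORKSPACE_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
                "myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/example-ws")

# Constructed samples shaped like `az sql server audit-policy show` and
# `az sql db audit-policy show` output (field names are an assumption).
SERVER_POLICY_JSON = json.dumps({
    "state": "Enabled",
    "logAnalyticsTargetState": "Enabled",
    "logAnalyticsWorkspaceResourceId": WORKSPACE_ID.upper(),
})
DB_POLICY_JSON = json.dumps({
    "state": "Enabled",
    "logAnalyticsTargetState": "Disabled",  # steps 10-11 were skipped
    "logAnalyticsWorkspaceResourceId": None,
})


def audit_findings(scope, policy_json, expected_workspace):
    """Return a list of baseline deviations for one auditing policy."""
    policy = json.loads(policy_json)
    findings = []
    if policy.get("state") != "Enabled":
        findings.append(f"{scope}: auditing is not On")
    if policy.get("logAnalyticsTargetState") != "Enabled":
        findings.append(f"{scope}: Log Analytics target is not selected")
    else:
        # Azure resource IDs are case-insensitive, so compare case-folded.
        actual = (policy.get("logAnalyticsWorkspaceResourceId") or "").casefold()
        if actual != expected_workspace.casefold():
            findings.append(f"{scope}: audit logs go to an unexpected workspace")
    return findings


def check_baseline(server_json, db_json, expected_workspace):
    """Check both the server-level and the database-level auditing policy."""
    return (audit_findings("server", server_json, expected_workspace)
            + audit_findings("database az500", db_json, expected_workspace))


if __name__ == "__main__":
    for finding in check_baseline(SERVER_POLICY_JSON, DB_POLICY_JSON, WORKSPACE_ID):
        print("FAIL", finding)
```

An empty result means both policies match the baseline; the sample database policy is reported because its Log Analytics target is off.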

Enable a threat detection service

Threat detection for single and pooled databases detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. Threat detection can identify Potential SQL injection, Access from unusual location or data center, Access from unfamiliar principal or potentially harmful application, and Brute force SQL credentials. Threat detection is part of the advanced data security (ADS) offering, which is a unified package for advanced SQL security capabilities. Threat detection can be accessed and managed via the central SQL ADS portal.

  1. In the Azure portal go to SQL databases.
  2. Under Security, navigate to Advanced Data Security.
  3. Click Settings.
  4. Select Enable Advanced Data Security on the server and click Yes then click Save.

Enable all threat detection types

Advanced data security (ADS) provides a set of advanced SQL security capabilities, including data discovery & classification, vulnerability assessment, and Advanced Threat Protection (ATP).
Advanced Threat Protection is part of the advanced data security (ADS) offering, which is part of the defense in depth SQL security strategy. Advanced Threat Protection can be accessed and managed via the central SQL ADS portal.

  1. In the Azure portal go to SQL databases.
  2. Under Security, navigate to Advanced Data Security.
  3. Click Settings.
  4. Ensure that Send alerts is set as appropriate.
