Advanced Data Security (ADS) on Azure SQL Database provides advanced security capabilities to detect threats and protects them. ADS includes the following components.- Data Discovery & Classification
- Vulnerability Assessment
- Advanced Threat Protection
Data Discovery & Classification provides abilities to discover, classify, label and protect sensitive data on your Azure SQL Database. The classification can be either automated or manually created.
Vulnerability Assessment allows you to discover, track and resolve any database vulnerabilities on your Azure SQL Database.
Advanced Threat Protection monitors and detects anomaly activities, SQL injection attacks and potential vulnerabilities on your Azure SQL Database and immediately raises alerts to address them.
a) Logon to the Azure Portal. Refer steps a) and b) for creation of resource group and Azure SQL Database.
b) Navigate to the "sampledb" under the "AAD-SQL" resource group and click on "Advanced data security" and enable it.
c) Once you enable "Advanced Threat Protection", you can see the three components enabled.
Note: In this scenario, we are enabling Advanced Data Security on the server level which means it will be enabled on all Azure SQL Databases within the server.
d) Advanced Data Security can be enabled at the Database level by selecting the database and clicking on "Advanced Data Security" and "Settings".
e) Now you can enable "Advanced Data Security" at Database level as shown below.
f) Now you choose the different vulnerability types you need to monitor at the database level, assign a storage account and assign the email address where the alerts needs to be sent and save the settings.
g) Now you have successfully enabled Azure Data Security both on the server as well as the Database level. Turning it on at Database level is really handy if you need to be notified on specific vulnerabilities at the database level.
No comments:
Post a Comment