Azure SQL Basics - Advanced Data Security

Note that this post is a part of the series. You can view all posts in this series here: Azure SQL and Data Factory Basics - Index

In this post, we will be discussing the Advanced Data Security feature on the Azure SQL Servers. It is enabled at the server level and will be automatically enabled at the database level. It is a charged service. Once you enabled it, you will be charged per month for this service. To access the advanced data security, go to all resources and select the server for which you want to enable the ADS to feature and go to the Security section, and click on advanced data security.

Below are the settings for ADS:

1. Select the ‘On’ to enable the ADS.
2. Select the subscription from the subscripton dropdown. You need to have the storage account for this. If you don’t have a storage account previously created, it will ask you to create the new one.
3. Provide the appropriate email address to get any activity notification.
4. You can select the type of protection from the list as highlighted in the screenshot.

Different types of Advanced Thread Protection types include:

1. SQL Injection – to protect you from such attacks
2. SQL injection vulnerability – to check if there is any such vulnerabilities in the database
3. Data exfiltration
4. Unsafe action
5. Brute Force
6. Anomalous client logins

You can also view and update the Advanced Data Security settings from the Azure SQL Database as shown below.

Although, as the settings are applied and billed at the server level, you get more control to view the settings from the server. The graphs and analytics of data security are shown at the Database level.