Azure SQL Database Baseline

As part of your design, you will most likely have a requirement for a relational database. This is where Azure SQL DB comes in. It’s basically a cloud version of Microsoft SQL Server but with additional features wrapped around it, for example, diagnostics, redundancy and security.

Enable Auditing

Because it’s a database it will most likely contain data in which you want to keep secure. Enabling auditing allows you to record/audit database events. You can then view these to ensure that there is a level of data integrity or for troubleshooting purposes.

Microsoft recommend enabling this feature because it:

  • Helps you maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.
  • Enables and facilitates adherence to compliance standards, although it doesn’t guarantee compliance.

To enable, go to: SQL databases > Your instance > Auditing and select ON:

Remember that you will need a place to store the logs.

Once you enable this, you will need to set the retention. Again, this will come at a cost so it will need to match your ideal retention policy. To set this, click on your chosen audit log destination (Storage).

You will then see the below window which will allow you to customise your settings:

Enable Advance Threat Detection

This is the advanced data security feature which adds a whole stack of controls around your database. The threat detection will be able to prevent and identify attacks such as brute-force, harmful applications or access from unknown or unusual locations. This comes at cost. The benefit should outweigh it for most.

Databases are always an attraction to malicious parties, so you want to ensure you have the right level of security.  

To enable, go to: SQL databases > Your instance > Advanced Data Security and Enable:

You will also want notifications sent to your monitoring/security team:

You will also have the option to email both service and co-administrators: