Task 1 - Azure SQL: Advanced Data Security and Auditing
In this task, we will explore vulnerability assessments, data discovery and classification, and auditing.
Install the AdventureWorks sample database
- In the Portal, search for and select SQL databases.
- On the Basics tab, give your database a name, and create a new server.
- On the Additional settings tab, select Sample for Use existing data. Also, Enable advanced data security and Start free trial.
- Review & create, and then Create.
- Wait for the database to deploy.
Review Vulnerability Assessments
- Navigate to your SQL database.
- Under Security select Advanced Data Security.
- Select Vulnerability Assessment.
- Review vulnerability assessments and the risk levels.
- Click Scan.
- The scan does not need to fully complete for results to show.
- Review the Findings.
- Click any Security Check to get more details.
- Review the Passed checks.
- Notice Export Scan Results and Scan History.
Review Data Discovery and Classification
- Return to the Advanced data security blade.
- Select Data Discovery & Classification.
- On the Classification tab, select Add classification.
- Schema name: SalesLT
- Table name: Customer
- Column name: Phone
- Information type: Contact Info
- Sensitivity label: Confidential
- When finished click Add classification.
- Click the blue bar that reports columns with classification recommendations.
- Notice the data that has been recommended for classification.
- Select the data of interest and then click Accept selected recommendations.
- Save your changes.
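The same classification can be applied and reviewed in T-SQL. The script below is an added example, not part of the original lab: it applies the SalesLT.Customer.Phone classification used above, lists every classified column, and then flags unclassified columns whose names suggest sensitive data. The name patterns in the last query are assumptions chosen for illustration.

```sql
-- Added example: T-SQL counterpart of the portal classification steps.
-- Run it in the sample database itself, not in master.

-- 1. Classify SalesLT.Customer.Phone with the values used in this task.
--    Re-running this overwrites any existing classification on the column.
ADD SENSITIVITY CLASSIFICATION TO SalesLT.Customer.Phone
WITH (LABEL = 'Confidential', INFORMATION_TYPE = 'Contact Info');

-- 2. List every classified column with its information type and label.
SELECT SCHEMA_NAME(o.schema_id) AS schema_name,
       o.name                   AS table_name,
       c.name                   AS column_name,
       sc.information_type,
       sc.label
FROM sys.sensitivity_classifications AS sc
JOIN sys.objects AS o ON o.object_id = sc.major_id
JOIN sys.columns AS c ON c.object_id = sc.major_id
                     AND c.column_id = sc.minor_id
ORDER BY schema_name, table_name, column_name;

-- 3. Gap check: user-table columns that have no classification but whose
--    names match common sensitive-data patterns (patterns are assumptions).
SELECT SCHEMA_NAME(t.schema_id) AS schema_name,
       t.name                   AS table_name,
       c.name                   AS column_name
FROM sys.tables AS t
JOIN sys.columns AS c ON c.object_id = t.object_id
LEFT JOIN sys.sensitivity_classifications AS sc
       ON sc.major_id = c.object_id
      AND sc.minor_id = c.column_id
WHERE sc.major_id IS NULL
  AND (c.name LIKE '%Phone%'
       OR c.name LIKE '%Email%'
       OR c.name LIKE '%Password%'
       OR c.name LIKE '%Address%')
ORDER BY schema_name, table_name, column_name;
```

Rows returned by the third query are candidates to compare against the portal's recommendations before saving.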
Review Auditing
- Return to your SQL database.
- Under Security select Auditing.
- Select On for auditing.
- Click Storage for the destination.
- Select the Storage account for logs.
- Set the retention to 45 days.
- Set storage access key to Primary.
- Save your changes.
- Discuss server-level auditing and when and how it could be used.
Task 2 - Azure SQL: Diagnostics
Note: This demonstration requires an Azure SQL database.
In this task, we will review and configure SQL database diagnostics.
- In the Portal, search for and launch SQL databases.
- From the Overview blade, review the Compute utilization data graphic. Data is available for different time frames (1 hour, 24 hours, 7 days).
- Under Monitoring select Diagnostic settings.
- Click Add diagnostic setting.
- Give your setting a name.
- Under Destination details select Send to Log Analytics. Make a note of the Log Analytics workspace that will be used.
- Under Destination details select Archive to Storage Account.
- Select the Errors log.
- Select the Automatic tuning log.
- Select the Basic metric.
- Give each item a retention time of 45 days. Retention only applies to the storage account.
- Save your diagnostic setting.
- In the Portal, search for and launch the Log Analytics workspace.
- Select the workspace that is being used for your database diagnostics.
- Under General select Usage and estimated costs.
- Click Data retention. Use the slider to show how to increase the data retention time. Discuss how additional charges can be incurred, depending on the pricing plan.
- Under General select Workspace summary.
- Click Add and then search the Marketplace for Azure SQL. This feature may be in Preview. Explain the benefits of using this product.
- Select and then create Azure SQL Analytics.
- It will take a few minutes for the product to deploy.
- Click Go to resource once the deployment is completed.
- Click Azure SQL databases.
- Review the additional metrics that are provided by this product.
- You can drill into any graphic for additional details.
Task 3 - Azure SQL: AAD Authentication
Note: This task requires an Azure SQL database that has not had AAD configured. This task also requires SQL Server Management Studio.
In this task, we will configure Azure AD authentication.
- In the Portal, navigate to your SQL database.
- On the Overview page, there is an Active Directory admin box that shows the current status, configured or not configured.
- Under Settings select Active Directory admin.
- Click Set admin.
- Search for and select the new Active Directory admin. Remember this user; you will need it in the following steps.
- Be sure to Save your changes.
- In SQL Server Management Studio connect to the database server using your credentials.
- Select the SQL database you configured with a new Active Directory admin.
- Construct a query to create a new user. Insert the admin user and domain. For example, user@contoso.com
- Create user [user@contoso.com] from external provider;
- Run the query and ensure it completes successfully.
- In the Object Explorer, navigate to your database, then to the Security and Users folders.
- Verify that the new admin user is shown.
- Connect to the new database with the new admin credentials.
- Verify that you can successfully access the database.