The mission of the Security & Governance team in the Azure Databases organization is to ensure that
(1) the data our customers entrust to our services is safe and managed in a manner that is compliant with all regulations and privacy laws,
(2) all SQL products are integrated with Microsoft Purview and Microsoft Defender, and
(3) we offer a portfolio of industry-leading security features that help customers meet the most stringent security requirements.
2022 was another successful year for our team and we are excited about the features and capabilities we shipped in our products. This blog post highlights some of the important deliverables our teams have made in security and data governance that are generally available (GA) in Azure SQL Database (DB), Azure SQL Managed Instance (MI) or in SQL Server 2022.
Authentication
· Azure Active Directory (Azure AD) authentication for SQL Server 2022
· Managed identity in Azure AD for Azure SQL DB & Azure SQL MI
· Ability to turn off SQL Authentication in favor of Azure AD only for Azure SQL DB & Azure SQL MI
· Windows Authentication for Azure AD principals in Azure SQL MI
SQL Roles & Permissions
· New built-in server-level roles for SQL Server 2022
· New granular permissions for Azure SQL DB, Azure SQL MI and SQL Server 2022
Data-at-rest encryption using Transparent Data Encryption (TDE) in SQL
· Automated Key Rotation for TDE BYOK for Azure SQL DB & Azure SQL MI
· User-Assigned Managed Identity for TDE CMK for Azure SQL DB and Azure SQL MI
Ledger
· Ledger for Azure SQL DB and SQL Server 2022
Private Link
· Azure Private Link for Azure SQL DB and Azure Synapse Analytics
Firewall Rules & Network Security Groups
· Outbound firewall rules for Azure SQL DB and Azure Synapse Analytics
Data Classification
· Availability of Microsoft Information Protection labels when using native data classification in Azure SQL DB & Azure SQL MI
· Availability of Microsoft Information Protection labels when using SSMS with native data classification in SQL Server (any supported version)
Integration with Microsoft Purview
· Microsoft Purview access policies for SQL Server 2022
Auditing
· User Managed Identity (UMI) support for Auditing for Azure SQL DB
· Named replicas in Azure SQL Hyperscale can now be audited with SQL Auditing (Azure SQL DB)
More detailed information on the security portfolio supported by SQL Server 2022 can be found here: What's new in SQL Server 2022 - SQL Server – Security | Microsoft Learn
In addition to the features listed above, our team has also released a number of security features that are specifically available only in SQL Server on Azure Compute VMs: What's new? - SQL Server on Azure VMs | Microsoft Learn.