We are excited to announce the general availability (GA) of SQL Data Discovery & Classification in Azure SQL databases, Azure SQL Data Warehouse and Azure SQL Database managed instance. SQL Data Discovery & Classification provide a set of built in capabilities for discovering, classifying, labeling & protecting sensitive data.
This GA release significantly enhances existing Information Protection solutions as it supplements similar capabilities available in Microsoft SQL Server 2019, thus offering a cross-platform and hybrid (on-premises / IaaS / PaaS) data classification solution.
Discovering and classifying your most sensitive data (business, financial, healthcare, PII, and so on) can play a pivotal role in your organizational information protection stature. It serves as an infrastructure for meeting regulatory compliance requirements (such as GDPR, HIPPA, PCI etc.), monitoring & alerting on sensitive data access, hardening the security of databases containing highly sensitive data, and more.
Data Discovery & Classification is part of the SQL Advanced Data Security (ADS) offering, which is a unified package for advanced SQL security capabilities. SQL Data Discovery & Classification can be accessed and managed via the central SQL ADS settings.
SQL Data Discovery & Classification in ADS offers the following capabilities:
- Automatic discovery and classification of sensitive database columns, enabling customers to persistently assign classification labels as well as dismiss selected recommendations with the click of a button
- Visibility into the database classification state via dashboards and exportable reports
(Advanced Data Security)
Also available are the following capabilities:
- Better auditing capabilities. The SQL engine is utilizing column classifications to determine the sensitivity of query result sets during query execution. Combined with Azure SQL DB Auditing, customers can audit the sensitivity of the actual data being returned by queries
- Central policy management in Azure Security Center (preview) - provides customers the flexibility and control over how sensitive data is discovered in their systems and enables them to align the sensitivity labels and classification classes to their organizational needs
- Automation and classification at scale with PowerShell cmdlets and T-SQL
- New SQL Client package (preview) for .NET and .NET Core with Data Classification support that now allows partners, developers and 1st party services/apps (SSMS, Excel, Power BI, …) to consume database classification metadata and create business/protection logic on top of it
(Database classification state)
(Classification Recommendations)
Next steps
- Learn more about SQL Data Discovery and Classification
- Learn more about Advanced Data Security for Azure SQL Database
- Learn more about Azure SQL Database and SQL Data Warehouse data discovery & classification
- Consider configuring Get Started with SQL database auditing for monitoring and auditing access to your classified sensitive data
- Learn more about new SQL Client package for .NET and .NET Core with Data Classification support