Azure Database Security Newsletter - January 2026
Happy New Year and welcome to our first newsletter of 2026! This year, we’re doubling down on something that matters to every one of us: keeping data safe without slowing innovation. Security isn’t just a checkbox—it’s the backbone of everything we build. That’s why our database security strategy is rooted in the Zero Trust model, a simple but powerful idea: never assume, always verify. Here’s what that means in practice: Identity first: Every user and workload proves who they are, every time. Devices matter: Only trusted endpoints get through the door. Networks stay clean: Segmentation and encryption keep traffic locked down. Apps and workloads: Least privilege isn’t optional—it’s standard. Data protected everywhere: Protected at rest, in transit, and under constant watch. Driving all of this is our Security First Initiative (SFI)—a mindset that makes security part of the design, not an afterthought. It’s how we ensure that trust isn’t just a promise; it’s a practice. 2026 is about scaling this vision and making security seamless for everyone. Feature highlights of 2025 Dynamic Data Masking in Cosmos DB Now in public preview, Dynamic Data Masking is a server-side, policy-based security feature that automatically masks sensitive fields at query time for non-privileged users, while leaving the underlying data unchanged. Masking policies are enforced based on user roles and Entra ID identity, supporting privacy and compliance scenarios (PII/PHI) and reducing the need for custom app logic. This enables granular, real-time protection, secure data sharing, and safe testing with anonymized production data. Auditing in Fabric SQL Database Auditing is now in public preview for Fabric SQL Database. This feature allows organizations to track and log database activities—answering critical questions like who accessed what data, when, and how. It supports compliance requirements (HIPAA, SOX), enables robust threat detection, and provides a foundation for forensic investigations. Audit logs are stored in One Lake for easy access, and configuration is governed by both Fabric workspace roles and SQL-level permissions. Customer-Managed Keys in Fabric SQL Database Now in public preview, Customer-Managed Keys (CMK) let you use your own Azure Key Vault keys to encrypt data in Microsoft Fabric workspaces, including all SQL Database data. This provides greater flexibility and control over key rotation, access, and auditing, helping organizations meet data governance and encryption standards. SQL Server 2025 SQL Server 2025 raises the bar for enterprise data protection with a suite of powerful, built-in security enhancements. From eliminating client secrets through managed identity authentication to adopting stronger encryption standards and enforcing stricter connection protocols, this release is designed to help organizations stay ahead of evolving threats. With these updates, SQL Server 2025 simplifies compliance and strengthens data security—right out of the box. Best Practices Corner Don’t use passwords—use Entra instead Modern identity security for Azure SQL means eliminating SQL authentication wherever possible and adopting Microsoft Entra ID–based passwordless authentication. This strengthens security, simplifies identity governance, and aligns with Zero Trust and Microsoft’s Secure Future Initiative principles. Failover Ready? Don’t Forget Your TDE Keys For successful geo-replication setup and failover, all necessary encryption keys for Transparent Data Encryption must be created and available on both primary and secondary servers. It is possible and, in certain cases, required to configure different TDE protectors on replicas, as long as the key material is available on each server. It’s time for TLS 1.2 Legacy TLS 1.0 and 1.1 are no longer secure and are being retired across Azure services. To avoid connection failures and strengthen your security posture, make sure all applications, drivers, and clients connect using TLS 1.2 or higher. Blogs and Video Spotlight Geo-Replication and Transparent Data Encryption Key Management in Azure SQL Database | Microsoft Community Hub Everything you need to know about TDE key management for database restore | Microsoft Community Hub Secure by default: What’s new in SQL Server 2025 security | Microsoft Community Hub Secure by Design: Upcoming CMK and Auditing Features in Fabric SQL Database | Data Exposed Latest progress update on Microsoft’s Secure Future Initiative | Microsoft Security Blog Community & Events The data platform security team will be on-site at several upcoming events. Come and say hi! SQL Konferenz SQLCON - Microsoft SQL Community Conference Call to Action Last year brought some seriously powerful updates—Dynamic Data Masking in Cosmos DB, Auditing in Fabric SQL Database, and Customer Managed Keys that give you full control over your security strategy. These features are built to help you move faster, stay compliant, and protect data without friction. Try them out and see the impact firsthand. If this got you fired up, share it with your team and drop a comment to keep the momentum going. And don’t wait—download SQL Server 2025 today and experience the newest security capabilities in action. Let’s push data security forward together.Securing outbound traffic with Azure Data Factory's outbound network rules
The Outbound Rules feature in Azure Data Factory allows organizations to exercise granular control over outbound traffic, thereby strengthening network security. By integrating with Azure Policy, this feature also improves overall governance.September Calendar IS HERE!
🚀✨ Another month, another exciting calendar from the Microsoft Hero ✨🚀 From 🌍 different time zones, and 🌟 diverse topics, we’re bringing incredible sessions designed for everyone, whether you’re just starting your journey or already an expert in Microsoft and the cloud. This month, we’ve packed the calendar with amazing speakers from across the globe 🌐 who will be sharing their invaluable knowledge and real-world experiences. 🙌 💡 Join our live sessions, learn from inspiring experts, and take a step closer to transforming your career, boosting your skills, and making an impact in your organization. ⏰ Just like last month, we’re covering multiple time zones, from Australia 🇦🇺, to Europe 🇪🇺, to the Americas 🌎, so no matter where you are, there’s a session waiting for you! 👉 Don’t miss out, register today, get ready, and let’s grow together from Zero to Hero! 💪🚀 Santhoshkumar Anandakrishnan https://streamyard.com/watch/3CCPGbvGeEfZ?wt.mc_id=MVP_350258 September 4, 2025 11:00 AM CET September 4, 2025 07:00 PM AEST Arafat Tehsin https://streamyard.com/watch/Nyq7gkQEhXkm?wt.mc_id=MVP_350258 September 9, 2025 11:00 AM CET September 9, 2025 07:00 PM AEST Kim Berg https://streamyard.com/watch/6AyAT6PhD9xv?wt.mc_id=MVP_350258 September 13, 2025 06:00 PM CET Andrew O'Young https://streamyard.com/watch/qTvq25R7dfmu?wt.mc_id=MVP_350258 September 16, 2025 11:00 AM CET September 16, 2025 07:00 PM AEST Pam DeGraffenreid https://streamyard.com/watch/UmwbDn9Gimn8?wt.mc_id=MVP_350258 September 20, 2025 06:00 PM CET Anthony Porter https://streamyard.com/watch/8SFHqmDB3gxH?wt.mc_id=MVP_350258 September 29, 2025 09:00 AM CET September 29, 2025 05:00 PM AESTImplementing Zero Trust: A Guide to Securing Your Data
Data protection is critical for organizations to ensure sensitive information is always protected. Implementing a Zero Trust strategy is an effective way to protect your data. In this guide, we will walk you through the three key components of a data protection strategy and the initial deployment goals for Zero Trust. Learn about what has to be considered to ensure your data is safe at all times, from discovering and classifying your data through monitoring and cleanup.What is Zero Trust and is it the Future of Cybersecurity?
Zero Trust is a security architecture that assumes the network is already infiltrated and implements multi-factor authentication, least privilege access, and real-time monitoring and analytics to secure digital assets. The Zero Trust model goes beyond the traditional perimeter-based security method and focuses on protecting identities, endpoints, applications, data, infrastructure, and networks. By using a Zero Trust model, organizations can better protect themselves from cyber-attacks and data breaches while still making sure they are compliant and staying productive. Zero Trust is the future of cybersecurity because it focuses on visibility, automation, and orchestration. It is also the key to securing your digital estate.Kick Start Your Security Learning with a 7-lesson, Open-Source Course
This course is designed to teach you fundamental cyber security concepts to kick start your security learning. It is vendor agnostic and is divided into small lessons that should take around 30-60 mins to complete. Each lesson has a small quiz and links to further reading if you want to dive into the topic a bit more.
