Netherlands: Software

Introductie van Micorosoft SQL Server 2016

Issue link:

Contents of this Issue


Page 179 of 212

167 C H A P T E R 8 | Improved Azure SQL Database Important After you enable auditing, you must configure down-level clients to use a security- enabled connection string by changing the fully qualified domain name from to, as described in "SQL Database – Downlevel clients support for Auditing" at us/documentation/articles/sql-database-auditing-and-dynamic-data-masking-downlevel-clients/. Auditing data After you enable auditing, you can view a summary of auditing data in a dashboard format in the Azure Management Portal. To do this, navigate to the Settings blade for your SQL Database, click Auditing & Threat Detection, and then click the Explore button in the Auditing & Threat Detection blade to open the Audit Records blade. The audit records are displayed as a table consisting of the following columns: Event Time, Application Name, Principal Name, Event Type, and Action Status. For more detail, you can click the Open In Excel button at the top of the Audit Records blade. The Excel workbook contains several predefined reports that analyze your database activity. Important Another option is to use the Microsoft Power BI service to connect directly to your auditing logs, as described at "Monitoring your Azure SQL Database Auditing activity with Power BI," auditing-activity-with-power-bi.aspx. Encrypting data Database encryption is becoming a more common security requirement for many organizations. SQL Database now includes the following features for data encryption: Transparent Data Encryption (TDE) TDE encrypts the underlying database files. No one having physical access to the files can read the data without also having the encryption key. Cell-Level Encryption (CLE) By using CLE, you can secure sensitive data, such as Social Security numbers, to prevent anyone from accessing that data without the decryption key. Always Encrypted You can use a set of client libraries to encrypt and decrypt data in SQL Database and protect your data end to end. The encryption and decryption keys remain under the control of your application. Important Although each of these features strengthens the security of SQL Database, you must still employ security best practices when developing your application, including limiting access to the people or applications requiring data and enforcing the principle of least privilege in the database. Transparent Data Encryption TDE was introduced in SQL Server 2008 as a security measure for data at rest. Until SQL Server 2014, it was the only method available for natively encrypting database backups. TDE encrypts only the physical data files, transaction logs, and backups without directly encrypting data tables. That is, if a user has read permission to a database with TDE enabled, the user can query the database and access all the data without having an encryption key. If you move the encrypted files to another server, no one can open and view them on that server. TDE for SQL Database uses the same technology built for on-premises SQL Server, but it has been enhanced to support Intel AES-NI hardware acceleration of encryption, which reduces the CPU/DTU overhead of enabling TDE. In addition, it is easier to configure. To enable TDE, open the blade for your SQL Database in the Azure Management Portal, click the All Settings link, and then click Transparent

Articles in this issue

Links on this page

Archives of this issue

view archives of Netherlands: Software - Introductie van Micorosoft SQL Server 2016