Azure Advisor – for Azure Data Platform

Wouldn’t it be nice if we could access one main dashboard / report that pulls in information from many tools such as security centre, SQL advisor and cost management tools? Well you can, thus giving you a focal point to implement best practices, called Azure Advisor. This is not specifically for Azure SQL Database, you can leverage this for most resources within Azure.  Later in this blog post you see that I will use it as a focal point for my database infrastructure in Azure.

In the Azure portal under services look for “advisor”

azureadvisor

Let it carry out an initial scan, then look at the reports. Very handy. The summary page where this tool classifies recommendations into 5 different categories:

  • High Availability
  • Security
  • Performance
  • Operational Excellence
  • Cost

dashboard

Microsoft does provide information of what it uses to produce these recommendations. For example, you can see I am adhering to all performance best practices. View this link for more details.

https://docs.microsoft.com/en-gb/azure/advisor/advisor-performance-recommendations

Azure SQL – Specific

Having a database background, I am more interested in “SQL” impacted resources column, which includes Azure SQL Database, elastic pools, managed instances and virtual machines. So, my task for today for the resources in question is to find out what needs to be addressed. To be specific, use the filter below.

sqlfilters

Below you can clearly see that security is the main area to address to adhere to best practice.

secure

Clicking on the security tab will drill down into more details (impact chart), I have three issues. Microsoft suggests that my Managed Instance should have both advanced data security and vulnerability assessments enabled and one of Azure SQL Databases has TDE (Transparent Data Encryption) set to off (which I manually did).

impactchart

I click on the first recommendation, “advanced data security should be enabled on your managed instance” and Microsoft will provide much details about what it is, why you should use and how to enable it.

adsmain

You will want some sort of proactive service to help mitigate against those threats shown above (data exfiltration, data spillage and malicious code). In my opinion, this feature should be an important part of your data strategy, just in case you have missed something out.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s