Wouldn’t it be nice if we could access one main dashboard / report that pulls in information from many tools such as security centre, SQL advisor and cost management tools? Well you can, thus giving you a focal point to implement best practices, called Azure Advisor. This is not specifically for Azure SQL Database, you can leverage this for most resources within Azure. Later in this blog post you see that I will use it as a focal point for my database infrastructure in Azure.
In the Azure portal under services look for “advisor”
Let it carry out an initial scan, then look at the reports. Very handy. The summary page where this tool classifies recommendations into 5 different categories:
- High Availability
- Security
- Performance
- Operational Excellence
- Cost
Microsoft does provide information of what it uses to produce these recommendations. For example, you can see I am adhering to all performance best practices. View this link for more details.
https://docs.microsoft.com/en-gb/azure/advisor/advisor-performance-recommendations
Azure SQL – Specific
Having a database background, I am more interested in “SQL” impacted resources column, which includes Azure SQL Database, elastic pools, managed instances and virtual machines. So, my task for today for the resources in question is to find out what needs to be addressed. To be specific, use the filter below.
Below you can clearly see that security is the main area to address to adhere to best practice.
Clicking on the security tab will drill down into more details (impact chart), I have three issues. Microsoft suggests that my Managed Instance should have both advanced data security and vulnerability assessments enabled and one of Azure SQL Databases has TDE (Transparent Data Encryption) set to off (which I manually did).
I click on the first recommendation, “advanced data security should be enabled on your managed instance” and Microsoft will provide much details about what it is, why you should use and how to enable it.
You will want some sort of proactive service to help mitigate against those threats shown above (data exfiltration, data spillage and malicious code). In my opinion, this feature should be an important part of your data strategy, just in case you have missed something out.
All About Data 