At first I was nervous but then I realized it was me triggering the “Someone has logged on to your server from an unusual location” message against my Azure SQL database. The process of investigating the “rogue” login didn’t help with what Microsoft offered; I mean, it seems hit and miss whether I get routed to the correct audit information via the investigation steps.
Back in September 2017 Microsoft announced a new security feature for Azure SQL Database called the SQL Vulnerability Assessment (VA). It is currently in preview and can find, as you can guess, security-based vulnerabilities in your database, such as misconfigurations, excessive permissions, and exposed sensitive data.
Let’s set up a scan. You can find this feature within the settings section of your database.
When you create a “logical” Azure SQL Server (I say logical because we are not really physically creating anything) there is a setting that is ticked ON by default which is called “Allow Azure services to access server”.
The question is, what does it mean? (See the highlighted section below)
I was using a query on one of my local SQL Servers where I wanted to know what logins were connected to my databases. I actually ended up running the query against my Azure SQL Database and had some very interesting results.
Apparently there is a new tool from Microsoft where you can discover, track, and remediate potential database vulnerabilities. This tool is available for both on-premises SQL Server and Azure SQL Database. I actually cannot find the download for the on-premises version so I decided to give it a go in Azure SQL Database.
So here we go, the first installment of my cloud blog series. From my experience this concern is a common one, especially when relating it to the database layer. Data “leaks” via security breaches have been getting some real negative press lately. What tools and techniques do you have to protect your Azure SQL Databases? The answer is – A LOT across different components and that is what I will cover in this blog post.