
Course Overview



In the information age, data is the new currency, and like anything valuable, it needs to be protected. Azure SQL and its environment provide a range of mechanisms for protecting your data from a multitude of hazards. The potential threats range from bad actors trying to steal information to unintentional human error corrupting your data. To cover all eventualities, Azure provides pre-emptive protection in the form of network security, several types of data encryption, data classification, and vulnerability assessment services. After-the-fact protection is available in the form of built-in data change tracking. This course not only tells you what protection is available for your database but also shows you how to implement it.

If you have any feedback relating to this course, feel free to contact us at support@cloudacademy.com.

Learning Objectives

  • Learn what security components are available within Azure SQL
  • Understand how these elements work together to provide a secure environment
  • Learn how to implement infrastructure security
  • Learn how to secure your data from external and internal hazards
  • Learn how to implement data change tracking

Intended Audience

  • Anyone who wants to learn how to implement secure Azure SQL databases
  • Those preparing for Microsoft’s DP-300 exam


To get the most out of this course, you should have a general understanding of the fundamentals of Microsoft Azure. Experience using databases, especially SQL Server, would also be beneficial.


The GitHub repository for this course can be found here: https://github.com/cloudacademy/azure-sql-data-security-dp-300


As I alluded to in the introduction, data should be protected in various states. The data-at-rest state refers to data as it is stored within the database file structure and is not being accessed via the database engine. If someone is trying to access data at rest, circumventing the authorization of the database engine, then 99 times out of 100, that will be for nefarious purposes. The data-in-transit state is when data has been legitimately accessed via the database engine and transmitted across a network to a client application. The client application can be anything, like a web or a desktop application, whether that is a custom piece of software or SQL Server Management Studio. Within the context of legitimate access, there may be some data elements, usually sensitive data like medical records or credit card numbers, where we want to restrict access to a subset of users. Of course, data is not only read but can be modified and deleted.

A data security system would not be complete without the ability to track data changes; that is, which user changed what data and when. After all is said and done, we need to know where we stand in terms of protecting our data; we need a robust and objective way of assessing the data protection mechanisms we’ve put in place. The onion analogy is a helpful way to visualize the layers of protection that secure your data. The three outermost layers prevent accessing data via non-intended methods. Network security stops any non-authorized access to all elements of the database ecosystem, which includes the database engine and files, as well as the data transmitted to client endpoints. Storage security refers to protecting the media on which the database files reside, while data security is protecting the information within the database files. You can think of the three outer layers as protection against known bad actors. It is protection against people who have no business accessing data, whether that is from without or within the organization. Information security relates to protecting data from illegitimate use or intentional corruption.

Let’s start from the outer layer and work our way in.


Introduction - Firewall Rules - Vnet to Vnet and Azure Data Gateway - Disk Encryption - Transparent Data Encryption - Column Encryption - Advanced Data Security - Track Data Changes - Summary

About the Author
Hallam Webber
Software Architect

Hallam is a software architect with over 20 years' experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how to leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.