2-Implement a secure environment (15-20%).md

DP-300: Implement a Secure Environment (15-20%)

Configure database authentication by using platform and database tools

• Configure Azure AD authentication
• Create users from Azure AD identities
  • Create contained database users in your database mapped to Azure AD identities
• Configure Security Principals
  • Azure AD Service Principal authentication to SQL DB - Code Sample

Configure database authorization by using platform and database tools

• Configure database and object-level permissions using graphical tools
  • Getting Started with Database Engine Permissions
• Apply principle of least privilege for all securables

Implement security for data at rest

• Implement Transparent Data Encryption (TDE)
  • Transparent data encryption for SQL Database and Azure Synapse
• Implement object-level encryption
  • Always Encrypted: Protect sensitive data and store encryption keys in Azure Key Vault
• Implement Dynamic Data Masking
  • Get started with SQL Database dynamic data masking with the Azure portal
• Implement Azure Key Vault and disk encryption for Azure VMs
  • Quickstart: Create and encrypt a Windows virtual machine with the Azure portal

Implement security for data in transit

• Configure SQL DB and database-level firewall rules
  • sp_set_database_firewall_rule (Azure SQL Database)
• Implement Always Encrypted
  • Always Encrypted: Protect sensitive data and store encryption keys in the Windows certificate store
• Configure Azure Data Gateway
  • Install and configure an on-premises data gateway

Implement compliance controls for sensitive data

• Apply a data classification strategy
  • What is data classification?
• Configure server and database audits
  • Azure SQL Auditing
  • A Boost in Security for Azure SQL Database: Auditing
• Implement data change tracking
  • Enable and Disable Change Tracking (SQL Server)
• Perform vulnerability assessment
  • SQL Vulnerability Assessment helps you identify database vulnerabilities

Return to Table of Contents