Microsoft Codename “SQL Azure Security Services” is a cloud service that
enables you to protect your database using an
Detect, React Data Protection lifecycle. The service complements core security features in the SQL Azure platform with advisory and management tools for data security.
on your enthusiasm for such a service and your valuable feedback, more advanced features like sensitive data discovery, data masking, configuration drift, SQL injection detection, and other functionality layered on core SQL Azure platform will be added to
the service. So your feedback is absolutely important!
Microsoft Codename SQL Azure Security Services can be accessed at:
To use SQL Azure Security Services, you must have the following:
Login to your SQL Azure Account
Microsoft Codename “SQL Azure Security Services” is located at:
At this page, click on the Start Here icon.
The home page looks like this:
Specify whether you would like to scan all the databases in the SQL Azure Server or choose individual databases. If you click on the latter, the UI will show you a list of databases currently in the Azure server. Choose the databases that would like to scan.
NOTE: Full server scan or scanning several individual databases will involve additional scan time. Please be patient for the scan to complete.
Specify where you would want the output to be sent. You can choose HTML output directly to your browser in the same session, or choose to schedule a job that generates and saves the report in a Windows Azure BLOB account. The second choice is particularly
useful if you have several databases to scan an/or you want the scan report also to be stored in your own private storage. If you choose the latter, provide the URL full path and name of the file (with a .html extension), and the BLOB credentials (storage
If you chose the first option, then a link to the output HTML will be presented after a short time in the same page.
Click on the link here, or access the output HTML file using an Azure BLOB browser. The components of the Scan report are shown below. In this introductory release, the Scan report consists of two sections (tabs):
Security Issues: This section provide the list of potential security concerns on a per-database basis, with a Severity level and brief explanation.
Clicking the drop-down for provides a description of the issue, and a recommended mitigation.
Attack Surface: This section presents the security model - i.e. it lists all the objects in the master db as well as the individual databases that could be potential targets for an attack.
That is it! Now you can use this report to edit your schema, and if applicable, eliminate malware from the affected tables in your database. The intended result is a secure database(s).
You can provide your feedback through multiple means.
Each scan report provides two links in the Top Right corner.
Click I Have an Idea to tell us about how we can improve this service.
Click I Found a Bug to send us email about what doesn’t work so we can fix it.
Click Take the Survey to fill in a survey of the features that you'd like to see us support in this service, and their priority.
The SQL Azure Security Services is currently under consideration for active development. Some of our plans for possible future features include:
We thank you in advance for taking the time to evaluate the Lab, and your valuable feedback.