Enable Advanced Database Security with Azure SQL Database

Learn On Demand Pro Series

The Enable Advanced Data Security with Azure SQL Database virtual lab, an IT Pro Challenge, teaches how to create an Azure SQL database that complies with data privacy recommendations and laws. System and Database Administrators gain critical hands-on experience to manage the SQL database management by complying with Azure security recommendations.

45 minutes
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »


Learners who complete this guided 45-minute lab will have created a SQL database in Microsoft Azure(R), set database security in the cloud, and database check that security recommendations can display, be remediated, and be applied successfully. Beginners will find this virtual lab useful in their career path as System, Database Administrator, or any other IT professionals.

Whether an IT professional migrates a database from another data center to Azure, on the cloud, or creates a new database with no data sets on Azure, he or she must keep data security up to date. Setting effective audits through the advanced data security services reveals risks for a data breach, and helps to save a company’s reputation and revenue.

The General Data Protection Regulation (GDPR) guidance, from Azure, protects firms from potential fines imposed by the European Union. GDPR applies to any European citizen, even those living in the United States and Canada.

So, learners, upon running through this challenge, learn to use Azure resources towards managing and governing databases.

Create an Azure SQL Database:

Learners create an Azure database that contains a sample data set, AdventureWorksLT. As part of creating this database, a vulnerability will be created by enabling Azure services to access the server level. This setting will trigger an audit failure to be addressed in subsequent exercises. Also, the learner will use Azure’s query editor to validate successful database creation and to get hands-on experience with vital tools used to create, manipulate, and delete data.

Enable Advanced Data Security:

This module has learners initiate advanced data security services through Azure and start auditing the entire database for a full investigation. Upon following the exercise’s instructions, an audit log will generate a file saved in a specified storage account. Data housed in an SQL database can persist for decades, and the GDPR allows EU members to delete all personal data, including older. So retaining audit records for an unlimited amount of time (0) makes sense.

Verify Advanced Data Security:

Instructions ask learners to review security status reports: Data Discovery and Classification recommendations, Vulnerability Assessment, and Advanced Threat Protection.

In addition to becoming familiar with security scan results, learners remediate and accept security configurations related to Azure’s recommendations. Lab trainees run a remediation script in Query Editor to fix the data security issue. Once the learner implements this fix, he or she tests its success by attempting to login to the query editor as the Azure server.

Also, this lab teaches how to approve a vulnerability Azure identifies but presents a low risk to the business. For example, in some business processes, a ‘dbo’ user may be used for normal service operations. Learners give the ok for this condition by approving it as a baseline.


Upon completion of the Enable Advanced Data Security with Azure SQL Database, learners have hands-on experience with Azure’s SQL database and advanced data security tools. This skill set safeguards privacy and data through Azure’s tools and lab knowledge obtained.

    • Create an Azure SQL Database.
    • Enable Advanced Data Security.
    • Verify Advanced Data Security.

Learners who wish to build on their security and Azure administrative skill sets should consider other labs.

  • ADVANCED CHALLENGE: Can You Configure Role-Based Access Control (RBAC) for Storage Accounts? 

  • GUIDED CHALLENGE: Create and Manage Shared Access Signature (SAS) Keys