This hands-on lab provides an Azure administrator with an understanding of how to implement basic security features to protect an Azure SQL database. You will configure a database to be managed by an Active Directory admin account. Then you will activate auditing, which will allow you to monitor access to the database. To further protect the database, you will configure firewall access rules that limit access to a specified virtual network. Finally, to test the configuration, you will log in to a VM client via RDP, run SQL Server Management Studio, connect to your database, and attempt to run some queries.
Understand the scenario
You are using an Azure Resource Group that contains a preconfigured Storage Account, Azure SQL Server, Azure SQL Database, and a virtual machine. You are a system administrator for a company that provides web hosting services for customers. You need to secure an Azure SQL Database that may hold sensitive data. You will start by defining an Azure AD server administrator. Next, you will enable auditing at the server level. Finally, you will restrict access to the server via firewall rules.
Configure an Azure AD server administrator:
Azure Active Directory (AD) is Microsoft’s cloud-based identity and access management service. This service allows you to configure your server’s administrative account through the Azure portal. For this task, you will set the admin account for your SQL server; then, you will log in to a client that uses SQL Server Management Studio (SSMS) to test the configuration by connecting to the SQL Server database using Active Directory password authentication.
Enable auditing at the server level:
Well-managed access controls are a fundamental line of defense for your infrastructure; however, to assure the security of your systems and networks, it is critical that you also audit and monitor access. In this section, you will configure auditing at the server level, within the Azure portal. Enabling auditing will allow you to see when the database is accessed, who accessed it, and what actions were performed. In a production environment, you will likely want to connect auditing to either Log Analytics or an event hub for more detailed and streamlined monitoring, detection, and response.
Set firewall rules:
The firewall is also a foundational security control for your enterprise. Limiting access to your resources to only a specified set of users, applications, and/or network addresses will drastically minimize the potential attack surface of your environment. For this task, you’ll learn how to configure the native Azure firewall to limit access to your SQL Server to a specific subnet of users. You’ll also learn about the firewall feature for enabling and disabling access for Azure services. While you configure the firewall, you will test the configuration by attempting access from your SQL Server client.
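The three tasks above are done in the Azure portal; the following added example (not part of the lab itself) reads the resulting settings back with the Az PowerShell module and reports anything that does not match the lab's goals. It assumes the Az.Sql module is installed and `Connect-AzAccount` has been run; the resource group and server names are placeholders.

```powershell
# Added example: read-only check of the three controls this lab configures.
# Assumes the Az.Sql module and an authenticated session (Connect-AzAccount).
# The default parameter values are placeholders, not values from the lab.
param(
    [string]$ResourceGroupName = '<resource-group>',
    [string]$ServerName        = '<sql-server-name>'
)

$target   = @{ ResourceGroupName = $ResourceGroupName; ServerName = $ServerName }
$findings = @()

# 1. Azure AD server administrator
$admin = Get-AzSqlServerActiveDirectoryAdministrator @target
if ($admin) { Write-Output "Azure AD admin: $($admin.DisplayName)" }
else        { $findings += 'No Azure AD administrator is set on the server.' }

# 2. Server-level auditing: at least one destination must be enabled
$audit = Get-AzSqlServerAudit @target
$sinks = [ordered]@{
    'Storage account' = "$($audit.BlobStorageTargetState)"
    'Log Analytics'   = "$($audit.LogAnalyticsTargetState)"
    'Event hub'       = "$($audit.EventHubTargetState)"
}
$enabled = @($sinks.Keys | Where-Object { $sinks[$_] -eq 'Enabled' })
if ($enabled.Count -gt 0) { Write-Output "Auditing to: $($enabled -join ', ')" }
else                      { $findings += 'Server auditing has no enabled destination.' }

# 3. Firewall: access should come from a virtual network rule, not broad IP rules
$vnetRules = @(Get-AzSqlServerVirtualNetworkRule @target)
if ($vnetRules.Count -eq 0) { $findings += 'No virtual network rule is defined.' }
foreach ($v in $vnetRules) {
    Write-Output "VNet rule $($v.VirtualNetworkRuleName): $($v.VirtualNetworkSubnetId)"
}

foreach ($r in @(Get-AzSqlServerFirewallRule @target)) {
    if ($r.StartIpAddress -eq '0.0.0.0' -and $r.EndIpAddress -eq '0.0.0.0') {
        # The "allow Azure services" setting is stored as a 0.0.0.0-0.0.0.0 rule
        $findings += 'Access for Azure services is enabled.'
    }
    elseif ($r.StartIpAddress -eq '0.0.0.0' -and $r.EndIpAddress -eq '255.255.255.255') {
        $findings += "IP rule '$($r.FirewallRuleName)' allows every IPv4 address."
    }
    else {
        $findings += "IP rule '$($r.FirewallRuleName)' allows $($r.StartIpAddress)-$($r.EndIpAddress) in addition to the subnet."
    }
}

if ($findings.Count -eq 0) { Write-Output 'All three controls are configured.' }
else { $findings | ForEach-Object { Write-Warning $_ } }
```

The script only calls `Get-` cmdlets, so it can be rerun after each task to confirm the change took effect.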
Lab Summary Conclusion:
In this hands-on virtual lab, you will learn how to configure the basic native Azure security controls to protect an Azure SQL database. This lesson will enable you to administer server-level AD admin credentials, audit and monitor SQL server access, and configure access control via the Azure native firewall. These are essential skills for someone pursuing a career as a Microsoft Azure administrator.