Lesson Learned #15: Securing our Azure SQL Datawarehouse

Hello Everyone,

Nowadays, security is a key element for all databases. For this reason, Azure SQL offers several options depending on our needs. In this picture you can see the different options available right now.


In this post, I would like to share some points about two important topics for our applications that are running on Azure:

  • Data Encryption.
  • Data Protection.

Although all these options are available on Azure SQL Database, unfortunately the following are not available in Azure SQL Datawarehouse: Always Encrypted, Data Masking and Row Level Security.


  • TDE (Transparent Data Encryption) encrypts the data files, protecting data on SQL database physical storage from unauthorized access.
    • Server-side encryption of the data on physical disk.
    • Zero application changes.
    • Support for all database operations (e.g. joins) on data.
    • SQL Database service manages your keys.


  • Always Encrypted protects highly sensitive data in use from high-privilege SQL users.
    • Client-side encryption of sensitive data using keys that are never given to the database system.
    • Support for equality comparison, incl. join, group by and distinct operators.
    • Minimal application changes via server and client library enhancements.


  • Data Masking limits the exposure of sensitive data by obfuscating query results for application users.
    • Protects against unauthorized access to sensitive data in the application, using built-in or custom masking rules. Privileged users can still see unmasked data.
    • Data is masked on the fly; the underlying data in the database remains intact. Transparent to the application and applied according to user privilege.

  • Row Level Security centralizes your row access logic within the database.
    • Control both read/write-access to specific rows of data.
    • Flexible access criteria (user identity, role/group memberships, etc).
    • Works transparently at query time, no application changes needed and reduces application maintenance and code complexity.
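
The Data Masking and Row Level Security behaviour described above, as an added T-SQL example that is not part of the original post. It targets Azure SQL Database (where the post says both features are available); the schema, table, user names and sample rows are all hypothetical and constructed for illustration.

```sql
-- Constructed sample objects; every name below is hypothetical.
CREATE SCHEMA Security;
GO
CREATE USER SalesRep1 WITHOUT LOGIN;
CREATE USER Manager   WITHOUT LOGIN;
GO
-- Masking rules are declared on the columns; the stored data is unchanged.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    SalesRep   SYSNAME NOT NULL,
    Email      VARCHAR(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    CardNumber VARCHAR(19)
        MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)') NOT NULL
);
INSERT INTO dbo.Customers (SalesRep, Email, CardNumber) VALUES
    ('SalesRep1', 'ana@example.com', '1111-2222-3333-4444'),
    ('SalesRep2', 'bob@example.com', '5555-6666-7777-8888');
GRANT SELECT, INSERT ON dbo.Customers TO SalesRep1, Manager;
-- Privileged users can still see unmasked data: only Manager gets UNMASK.
GRANT UNMASK TO Manager;
GO
-- Row access logic lives in one inline table-valued function:
-- a row is accessible to the rep named on it, or to Manager.
CREATE FUNCTION Security.fn_CustomerAccess (@SalesRep AS SYSNAME)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS fn_result
       WHERE @SalesRep = USER_NAME() OR USER_NAME() = 'Manager';
GO
-- FILTER controls reads; BLOCK controls writes (here: inserted rows).
CREATE SECURITY POLICY Security.CustomerPolicy
    ADD FILTER PREDICATE Security.fn_CustomerAccess(SalesRep)
        ON dbo.Customers,
    ADD BLOCK PREDICATE Security.fn_CustomerAccess(SalesRep)
        ON dbo.Customers AFTER INSERT
    WITH (STATE = ON);
GO
-- Same query, two users: rows are filtered by the policy and columns are
-- masked unless the caller holds UNMASK. No change to the query itself.
EXECUTE AS USER = 'SalesRep1';
SELECT CustomerId, SalesRep, Email, CardNumber FROM dbo.Customers;
REVERT;
EXECUTE AS USER = 'Manager';
SELECT CustomerId, SalesRep, Email, CardNumber FROM dbo.Customers;
REVERT;
```

Masking only obfuscates query results, so it should be combined with normal permission management rather than treated as an access control on its own.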
Comments (4)
  1. ErikEJ says:

    I think you meant to write: in Azure SQL Datawarehouse some of them are not as Always Encrypted, Data Masking and Row Level Security:

  2. My apologies for my mistake. Fixed right now! Thanks for your feedback.

  3. Have you ever thought about adding a little bit more than just your articles?

    I mean, what you say is important and everything. Nevertheless think about
    if you added some great visuals or video clips to give your posts more, “pop”!
    Your content is excellent but with pics and video clips, this website could
    certainly be one of the best in its niche. Excellent blog! http://gomgoonstudio.dothome.Co.kr/qna/3928

    1. Thanks for your feedback, we are working on it, in the next days we are going to post new videos.
      Right now, we recorded the following sessions:
      Azure Support Academy: https://www.youtube.com/user/TheLatamblog in English and Spanish
      SpanishPass VC: https://www.youtube.com/watch?v=INB9QOk5Jl4&feature=youtu.be
