Azure samples for Azure AD .Net WebApi using Azure AD “on-behalf of token” to connect to SQL DB and SQL DW

The C# code samples attached in the zip file below present a solution for the front-mid tier architecture allowing client applications to use individual Azure AD user credentials to connect to SQL DB/DW using mid-tier WEB app “on-behalf of token” obtained from Azure AD by redeeming individual user’s access token. This solution represents a standard… Read more

Feature Spotlight: Transparent Data Encryption (TDE)

As more and more businesses go digital and towards the cloud, security is more important than ever. We’re not all security experts, but with the responsibility we assume as businesses to be entrusted with protecting our customer’s data, it’s essential that we understand the basics of how we secure data. Security only works when you… Read more

SQL Server Connector support for private Azure clouds

Starting today, the SQL Server Connector also supports private Azure clouds. If you’re using a private Azure environment, such as Azure Government, Azure China, or Azure Germany, you can now use the SQL Server Connector to manage your TDE encryption in SQL Server using your Azure Key Vault keys. Download the latest version (1.0.4.0) of… Read more

SQL Threat Detection – Your built-in security expert

Azure SQL Database Threat Detection has been in preview for a few months now. We’ve on-boarded many customers and received some great feedback. We would like to share a couple of customer experiences that demonstrate how SQL Threat Detection helped to address their concerns about potential threats to their database. What is SQL Threat Detection?… Read more

Always Encrypted in Azure SQL Database is Generally Available

I’m happy to announce Always Encrypted in Azure SQL Database is now generally available! Always Encrypted is a feature designed to ensure sensitive data and its corresponding encryption keys are never revealed in plaintext to the database system. With Always Encrypted enabled, a SQL client driver encrypts and decrypts sensitive data inside client applications or application servers,… Read more

Developing Databases using Always Encrypted with SQL Server Data Tools

We are excited to announce that SQL Server Data Tools (SSDT) now supports developing databases using Always Encrypted. Always Encrypted is a feature in SQL Server 2016 and Azure SQL Database that ensures your sensitive data is never revealed in plaintext to the database system. An Always Encrypted-enabled client driver achieves that by transparently encrypting and… Read more

SQL Server Connector for Azure Key Vault is Generally Available

Starting today, the SQL Server Connector for Azure Key Vault is Generally Available! The SQL Server Connector is an Extensible Key Management (EKM) Provider that enables SQL Server to use Azure Key Vault as a place to protect and manage SQL encryption keys. This means that you can use your own encryption keys for SQL… Read more

SQL Server Connector Public Preview Update

A new update of the SQL Server Connector is available! The SQL Server Connector is currently in public preview, and we’ve worked hard in the last few months to create a more lightweight and more secure SQL Server Connector. It no longer runs as a service, and we’ve simplified it down to a single DLL…. Read more

Token-based authentication support for Azure SQL DB using Azure AD auth

SQL Server security team would like to announce token based authentication support for Azure SQL DB V12 authentication using Azure Active Directory (AD). Currently we support two authentication methods: Azure AD user/password and Azure AD integrated authentication supporting Windows credentials ( see https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/ ). The new token-based authentication method allows middle-tier services to obtain a… Read more

Best Practices for Moving Data Encrypted with Always Encrypted

With the introduction of Always Encrypted, Microsoft’s SQL platform (SQL Server 2016 and SQL Azure DB) protects sensitive data in use (during transactions and computations) without requiring any significant re-work in your applications. In a typical scenario, a client application is set up with Always Encrypted enabled in the database connection string. This instructs the… Read more