Token-based authentication including Multi-factor auth (MFA) for Azure SQL DB using Azure Active Directory (AD)

SQL server security team presents an application solution for token-based authentication with multi-factor (MFA) support for SQL DB using Azure AD auth. The zip file attached below with the codes sample and a Readme doc present more details on this topic. For additional information see also Azure AD authentication extensions for Azure SQL DB and SQL DW tools. For further… Read more

Now Available: Guide for enhancing privacy and addressing GDPR requirements with the Microsoft SQL platform

Data privacy and data security have become one of the most prominent topics in organizations in almost every industry across the globe. New regulations are emerging that formalize requirements around these topics, and compel organizations to comply. The upcoming EU Global Data Protection Regulation (GDPR) is one of the most noteworthy of these new regulations…. Read more

Newly created Azure SQL databases will be encrypted at rest by default

Earlier today, we announced that all new Azure SQL databases will be encrypted with Transparent Data Encryption (TDE) by default, to make it easier for everyone to benefit from encryption at rest. The change in default will happen gradually by region. Visit the Azure Service Updates blog to learn more about this recent update…. Read more

Getting Started with Always Encrypted using PowerShell

In the previous articles from the Always Encrypted blog series, we demonstrated how to configure Always Encrypted using SQL Server Management Studio. In this article, we will show you how to configure Always Encrypted from the command line, using PowerShell. Prerequisites To try the examples in this article, you need: A database, named Clinic, hosted… Read more

Parameterization for Always Encrypted – Using SSMS to Insert into, Update and Filter by Encrypted Columns

SQL Server  Management Studio 17.o (the next major update of SSMS, currently available as a Release Candidate) introduces two important capabilities for Always Encrypted: Ability to insert into, update and filter by values stored in encrypted columns from a Query Editor window. The new online encryption algorithm, exposed in the Set-SqlColumnEncryption PowerShell cmdlet, which makes tables available… Read more

Azure samples for Azure AD .Net WebApi using Azure AD “on-behalf of token” to connect to SQL DB and SQL DW

The C# code samples attached in the zip file below present a solution for the front-mid tier architecture allowing client applications to use individual Azure AD user credentials to connect to SQL DB/DW using mid-tier WEB app “on-behalf of token” obtained from Azure AD by redeeming individual user’s access token. This solution represents a standard… Read more

Feature Spotlight: Transparent Data Encryption (TDE)

As more and more businesses go digital and towards the cloud, security is more important than ever. We’re not all security experts, but with the responsibility we assume as businesses to be entrusted with protecting our customer’s data, it’s essential that we understand the basics of how we secure data. Security only works when you… Read more

Token-based authentication support for Azure SQL DB using Azure AD auth

SQL Server security team would like to announce token based authentication support for Azure SQL DB V12 authentication using Azure Active Directory (AD). Currently we support two authentication methods: Azure AD user/password and Azure AD integrated authentication supporting Windows credentials ( see https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/ ). The new token-based authentication method allows middle-tier services to obtain a… Read more

Using SQL Server Integration Services (SSIS) with Always Encrypted

We would like share a couple of links to two articles, just published on SQL Server IntegrationServices (SSIS) Blog, which provide guidance for how to use SSIS with Always Encrypted: SSIS with Always Encrypted Lookup transformation with Always Encrypted… Read more

Using Hardware Security Modules with Always Encrypted

Using Hardware Security Modules with Always Encrypted In the examples from the previous articles on Always Encrypted, we demonstrated column master keys stored in Windows Certificate Store and in Azure Key Vault. In this article, we will introduce yet another option: storing column master keys in hardware security modules (HSMs). HSM Primer and Introduction to… Read more