WEBVTT 0:00:02.620000 --> 0:00:08.280000 Hi, in this video, we're going to take a look at database security. 0:00:08.280000 --> 0:00:11.980000 And in particular, we're going to look at the following topics. 0:00:11.980000 --> 0:00:15.100000 We're going to start out talking about database authentication. 0:00:15.100000 --> 0:00:18.400000 We'll talk about PaaS data security services. 0:00:18.400000 --> 0:00:23.360000 We'll also look at the Azure platform as a service or PaaS database advanced 0:00:23.360000 --> 0:00:24.680000 threat protection. 0:00:24.680000 --> 0:00:29.720000 And then finally, I'm going to take a look at demoing the Azure SQL database 0:00:29.720000 --> 0:00:33.580000 security. So let's go ahead and let's go through this. 0:00:33.580000 --> 0:00:37.960000 To start out with, I want to talk about database authentication. 0:00:37.960000 --> 0:00:40.800000 And one thing that you want to consider when you're looking at hosting 0:00:40.800000 --> 0:00:45.540000 databases within the Azure environment is that you really kind of have 0:00:45.540000 --> 0:00:46.580000 two options, right? 0:00:46.580000 --> 0:00:51.320000 You have the infrastructure option where you're going to scale a virtual 0:00:51.320000 --> 0:00:54.920000 machine up and then you're going to install the database software on that. 0:00:54.920000 --> 0:00:57.300000 And you also have the platform as a service option. 0:00:57.300000 --> 0:01:00.440000 And we're going to talk about both of those. 0:01:00.440000 --> 0:01:06.280000 Now, when it comes to infrastructure as a service, there are, as you can 0:01:06.280000 --> 0:01:10.200000 see, four main database systems that I've included. 0:01:10.200000 --> 0:01:12.640000 There are, of course, other database systems out there, but these are 0:01:12.640000 --> 0:01:15.760000 the four that you will often see talked about. 
0:01:15.760000 --> 0:01:19.920000 All right, first on the list, not surprisingly, for a Microsoft Azure 0:01:19.920000 --> 0:01:21.400000 environment, is SQL Server. 0:01:21.400000 --> 0:01:23.460000 And again, right now we're talking about infrastructure. 0:01:23.460000 --> 0:01:26.960000 So infrastructure as a service or IaaS. 0:01:26.960000 --> 0:01:31.360000 SQL Server is the same way that SQL Server has been since just about when 0:01:31.360000 --> 0:01:35.920000 I started working with it at the end of the last century, because I am 0:01:35.920000 --> 0:01:39.200000 that old. You have Windows and SQL Server authentication. 0:01:39.200000 --> 0:01:44.760000 Simple as that. Now, MySQL has plugins. 0:01:44.760000 --> 0:01:47.420000 And with those plugins, you've got PAM. 0:01:47.420000 --> 0:01:52.960000 You have Windows authentication and you have LDAP authentication. 0:01:52.960000 --> 0:01:56.520000 So you have a number of different authentication options. 0:01:56.520000 --> 0:01:58.400000 And again, it is pluggable. 0:01:58.400000 --> 0:02:02.440000 PostgreSQL coming out of the box has over 10 different authentication 0:02:02.440000 --> 0:02:05.660000 methods that you can use to integrate it with different authentication 0:02:05.660000 --> 0:02:13.400000 providers. And finally, MariaDB, MariaDB, excuse me, is completely pluggable. 0:02:13.400000 --> 0:02:16.280000 So you're going to find many different authentication options. 0:02:16.280000 --> 0:02:20.400000 And really, the story with authentication at the infrastructure service 0:02:20.400000 --> 0:02:25.620000 level is exactly the same as the story of authentication if you're on 0:02:25.620000 --> 0:02:29.360000 premises. So if you're working with any of these tools on premises and 0:02:29.360000 --> 0:02:34.320000 you plan on migrating them into the Azure environment as part of a virtual 0:02:34.320000 --> 0:02:37.800000 machine, then you're really going to have the same set of options. 
0:02:37.800000 --> 0:02:40.140000 Now, you, of course, are going to have to configure everything else around 0:02:40.140000 --> 0:02:43.340000 it, like networking and authentication providers. 0:02:43.340000 --> 0:02:48.040000 But the database system itself is going to really be the same. 0:02:48.040000 --> 0:02:53.060000 Now, what I want to talk about is what I think is a little bit more interesting. 0:02:53.060000 --> 0:02:55.740000 And that is platform as a service. 0:02:55.740000 --> 0:03:00.000000 So let's take a moment to talk about platform as a service. 0:03:00.000000 --> 0:03:07.660000 All right, with platform as a service, what I actually think is really, 0:03:07.660000 --> 0:03:18.500000 really cool is that we've got, get rid of those there, we've got three 0:03:18.500000 --> 0:03:22.120000 primary platform as a service providers. 0:03:22.120000 --> 0:03:30.360000 Okay, so we've got SQL, we've got MySQL, and we've got PostgreSQL. 0:03:30.360000 --> 0:03:34.840000 And I will even label those, although as you'll see, it really won't matter 0:03:34.840000 --> 0:03:40.340000 too much. That's SQL Server. 0:03:40.340000 --> 0:03:51.360000 I've got MySQL, which is really Azure DB for MySQL. 0:03:51.360000 --> 0:04:04.540000 And we've got Azure DB for PostgreSQL. 0:04:04.540000 --> 0:04:07.460000 And by the way, that's SQL Server. 0:04:07.460000 --> 0:04:14.080000 And I should have said, Azure SQL database. 0:04:14.080000 --> 0:04:18.120000 Okay, now let's take SQL Server first. 0:04:18.120000 --> 0:04:33.660000 With SQL Server, when you provision SQL Server, you have an admin account. 0:04:33.660000 --> 0:04:38.880000 All right, and that admin account really is the equivalent of a local 0:04:38.880000 --> 0:04:43.040000 SQL Server account, and it's a system administrator. 0:04:43.040000 --> 0:04:57.000000 Okay, now you can also set up an AAD, Azure AD admin. 
0:04:57.000000 --> 0:05:02.720000 Now, when you set up an Azure AD admin in SQL Server, what that's going 0:05:02.720000 --> 0:05:06.400000 to do is not only give you an admin account, so you can log in as your 0:05:06.400000 --> 0:05:08.080000 account to SQL Server. 0:05:08.080000 --> 0:05:14.620000 But in addition to that, it's going to allow you to then add more Azure 0:05:14.620000 --> 0:05:20.980000 AD access to your SQL Server databases within that particular server. 0:05:20.980000 --> 0:05:26.360000 You can create what are called contained users in an Azure contained database. 0:05:26.360000 --> 0:05:30.500000 All right, and so that's what we have with an Azure SQL database. 0:05:30.500000 --> 0:05:32.300000 Well, what about the other two? 0:05:32.300000 --> 0:05:35.300000 And here's what I find really cool. 0:05:35.300000 --> 0:05:41.680000 The scenario is exactly the same, which makes sense because these systems 0:05:41.680000 --> 0:05:45.160000 are actually based on the same underlying data platform. 0:05:45.160000 --> 0:05:48.000000 They have different APIs, but they have the same platform. 0:05:48.000000 --> 0:05:55.560000 So that means that when I create an Azure DB for MySQL, or if I create 0:05:55.560000 --> 0:06:02.680000 an Azure DB for PostgreSQL, they're going to be created with an admin 0:06:02.680000 --> 0:06:12.680000 account. But then I can also set up an Azure AD admin account. 0:06:12.680000 --> 0:06:17.200000 And when I set up an Azure AD admin account, it's going to give me the 0:06:17.200000 --> 0:06:22.800000 same authentication options that I have with SQL Server within Azure SQL 0:06:22.800000 --> 0:06:26.760000 database. So for me, that's a pretty cool capability. 0:06:26.760000 --> 0:06:29.480000 Right? 
So that means that in terms of functionality, and particularly 0:06:29.480000 --> 0:06:36.240000 as we look at security functionality, the differences between the SQL 0:06:36.240000 --> 0:06:42.660000 Server, MySQL and PostgreSQL at the platform as a service level are 0:06:42.660000 --> 0:06:44.760000 really becoming minor. 0:06:44.760000 --> 0:06:49.460000 And there's much more in common than there is differences. 0:06:49.460000 --> 0:06:56.540000 In fact, what's pretty cool is if I take a look at the platform as a service, 0:06:56.540000 --> 0:07:00.540000 Data Security Services, I do want to point out that I don't have this 0:07:00.540000 --> 0:07:07.580000 listed as an Azure SQL database service, excuse me, what I have is PaaS 0:07:07.580000 --> 0:07:09.820000 database security services. 0:07:09.820000 --> 0:07:15.420000 And the reason I have it that way is because these services apply to all 0:07:15.420000 --> 0:07:17.400000 three of the PaaS platforms. 0:07:17.400000 --> 0:07:21.940000 So there's also Azure database for MariaDB, which is pretty much the same 0:07:21.940000 --> 0:07:26.740000 as MySQL. So we have these services and what are they? 0:07:26.740000 --> 0:07:28.360000 First of all, you have encryption. 0:07:28.360000 --> 0:07:31.120000 And what's interesting about that is you have encryption at rest and you 0:07:31.120000 --> 0:07:38.480000 have encryption in now for all three platforms, you're going to have encryption 0:07:38.480000 --> 0:07:44.840000 at rest. Now what's interesting is of the three platforms, only the Azure 0:07:44.840000 --> 0:07:49.420000 SQL database gives you the option of not having encryption at rest. 0:07:49.420000 --> 0:07:53.340000 To be fair, you also have what's called always encrypted, which takes 0:07:53.340000 --> 0:07:55.280000 it a step beyond. 0:07:55.280000 --> 0:07:58.320000 But that is one thing to understand is that they all have encryption at 0:07:58.320000 --> 0:08:00.680000 rest, optional in SQL Server. 
0:08:00.680000 --> 0:08:03.820000 They also have encryption in transit. 0:08:03.820000 --> 0:08:09.800000 And meaning that it's going to either use HTTPS or it's going to use encrypted 0:08:09.800000 --> 0:08:13.840000 TDS or tabular data stream for SQL Server. 0:08:13.840000 --> 0:08:16.940000 They all have audit logging capabilities. 0:08:16.940000 --> 0:08:21.820000 They also now all support service endpoints, fantastic. 0:08:21.820000 --> 0:08:26.560000 And they also all offer advanced threat protection. 0:08:26.560000 --> 0:08:33.780000 Now one thing you should note for both PostgreSQL and for the Azure 0:08:33.780000 --> 0:08:34.660000 database for MySQL. 0:08:34.660000 --> 0:08:38.100000 So Azure database for PostgreSQL and Azure database for MySQL. 0:08:38.100000 --> 0:08:44.280000 In both cases, you need to have higher than basic tier functionality in 0:08:44.280000 --> 0:08:45.800000 order to have these right now. 0:08:45.800000 --> 0:08:50.840000 And some of the functionality such as threat protection is currently in 0:08:50.840000 --> 0:08:54.640000 preview as of the recording of this video. 0:08:54.640000 --> 0:08:57.820000 Now speaking of threat protection, I want to dive down into that just 0:08:57.820000 --> 0:09:05.620000 a little bit and talk about what our advanced database advanced threat 0:09:05.620000 --> 0:09:08.200000 protection actually gives us. 0:09:08.200000 --> 0:09:13.420000 This is a feature that is really frankly very simple to use. 0:09:13.420000 --> 0:09:15.900000 It integrates with Azure Security Center. 0:09:15.900000 --> 0:09:19.280000 So once you activate this, you'll be able to use Azure Security Center, 0:09:19.280000 --> 0:09:22.440000 be able to look at alerts and actions, etc. 0:09:22.440000 --> 0:09:29.720000 Now there are six different actually seven different threats that are 0:09:29.720000 --> 0:09:31.980000 recognized by the system. 
0:09:31.980000 --> 0:09:38.900000 Now the first two threats are specific to right now the Azure SQL database. 0:09:38.900000 --> 0:09:43.800000 Right SQL injection vulnerability and also potential SQL injection. 0:09:43.800000 --> 0:09:47.520000 So if it actually finds an instance of SQL injection or just a vulnerability 0:09:47.520000 --> 0:09:54.680000 to it. Okay, also access from an unusual location or Azure Data Center. 0:09:54.680000 --> 0:09:57.980000 Access from an unfamiliar principal. 0:09:57.980000 --> 0:09:59.960000 So all of a sudden the account is logging in. 0:09:59.960000 --> 0:10:02.680000 Maybe there was this account that happened to be in a group. 0:10:02.680000 --> 0:10:05.680000 You gave the group access the Azure AD group access. 0:10:05.680000 --> 0:10:07.940000 It's never been used. 0:10:07.940000 --> 0:10:09.620000 All of a sudden it's used. 0:10:09.620000 --> 0:10:14.460000 Okay, next would be access from a potentially harmful application. 0:10:14.460000 --> 0:10:19.540000 Okay, so I've got an application that's sending questionable queries or 0:10:19.540000 --> 0:10:21.320000 a brute force attack. 0:10:21.320000 --> 0:10:26.320000 Somebody is just trying to get at your username password combination to 0:10:26.320000 --> 0:10:29.520000 get in most likely as the administrator. 0:10:29.520000 --> 0:10:31.300000 Now all of these are done. 0:10:31.300000 --> 0:10:36.060000 All of these are taken care of for you automatically by simply activating 0:10:36.060000 --> 0:10:37.680000 advanced threat protection. 0:10:37.680000 --> 0:10:42.580000 And I'm going to show you that within an Azure SQL database. 0:10:42.580000 --> 0:10:46.760000 Okay, and in fact, that's what we're going to do next is I'm going to 0:10:46.760000 --> 0:10:51.840000 take a look at an Azure SQL database security. 0:10:51.840000 --> 0:10:56.740000 Now, I'm looking at this in the context of the Azure SQL database security. 
0:10:56.740000 --> 0:11:01.580000 Everything that I'm showing you though is available right now across the 0:11:01.580000 --> 0:11:07.920000 PaaS database platforms do keep in mind however that it is some of this 0:11:07.920000 --> 0:11:12.400000 is in preview for other than an Azure SQL database. 0:11:12.400000 --> 0:11:17.020000 So let's go ahead and let's take a look really just kind of going down 0:11:17.020000 --> 0:11:22.460000 the list looking at our options security options for the Azure SQL database. 0:11:22.460000 --> 0:11:32.280000 All right, I have a newly minted database and that database is part of 0:11:32.280000 --> 0:11:37.020000 a server again, all SQL Server. 0:11:37.020000 --> 0:11:41.360000 And I'm in the database right now and what I can configure at the database, 0:11:41.360000 --> 0:11:44.120000 I've got advanced data security. 0:11:44.120000 --> 0:11:49.960000 Okay, and a couple of the things but really for SQL Server, where I want 0:11:49.960000 --> 0:11:55.220000 to go to set up most of my security is at the server level. 0:11:55.220000 --> 0:12:01.240000 Okay, and in fact, if I come down here, I can see really pretty much what 0:12:01.240000 --> 0:12:05.240000 I what I need to work with nice and handy right here under security. 0:12:05.240000 --> 0:12:10.500000 Okay, so if I go to advanced data security, right, by default advanced 0:12:10.500000 --> 0:12:16.300000 data security is on, okay, and it does cost $15 per month. 0:12:16.300000 --> 0:12:20.900000 That is, of course, what I am getting in my region in US dollars yours 0:12:20.900000 --> 0:12:23.520000 may be different. 0:12:23.520000 --> 0:12:27.520000 Okay, and it's a trial period for the first 30 days, which is good because 0:12:27.520000 --> 0:12:30.740000 I'm going to delete this before then. 0:12:30.740000 --> 0:12:33.860000 All right, now it's going to ask me to create a storage account. 0:12:33.860000 --> 0:12:34.820000 I have a storage account. 
0:12:34.820000 --> 0:12:36.580000 I'm going to go ahead and create a storage account. 0:12:36.580000 --> 0:12:41.840000 It should be a valid name there. 0:12:41.840000 --> 0:12:47.080000 Now, what this is doing is it's creating a storage account for me to capture 0:12:47.080000 --> 0:12:53.920000 my vulnerability assessment for the Azure SQL database. 0:12:53.920000 --> 0:13:06.460000 All right, now vulnerability assessments, it can also periodically scan 0:13:06.460000 --> 0:13:08.400000 and send reports. 0:13:08.400000 --> 0:13:13.680000 All right, if it gets advanced threat protections, I can send alerts to 0:13:13.680000 --> 0:13:15.140000 a specific email address. 0:13:15.140000 --> 0:13:24.360000 Here's an empty wallace at iene.com. 0:13:24.360000 --> 0:13:28.080000 Okay, and also send email notification. 0:13:28.080000 --> 0:13:32.980000 I can choose my advanced threat protection. 0:13:32.980000 --> 0:13:38.120000 Leave that and simply save this. 0:13:38.120000 --> 0:13:41.620000 And that's all I need to do for advanced threat protection advanced data 0:13:41.620000 --> 0:13:43.260000 security in general. 0:13:43.260000 --> 0:13:45.200000 Just turn that on. 0:13:45.200000 --> 0:13:50.300000 Now, while that's going, pop over here to auditing. 0:13:50.300000 --> 0:13:52.000000 And right now auditing is turned off. 0:13:52.000000 --> 0:13:54.440000 I can turn auditing on. 0:13:54.440000 --> 0:13:58.500000 And then I have to set my audit location. 0:13:58.500000 --> 0:14:07.320000 So I'm going to audit to storage. 0:14:07.320000 --> 0:14:14.720000 And let's see. That's not it. 0:14:14.720000 --> 0:14:18.360000 All right, well, I apparently can't find it right now. 0:14:18.360000 --> 0:14:40.400000 So I'll go ahead and see what I'm going to do. 0:14:40.400000 --> 0:14:42.380000 All right, so I've got my storage account. 0:14:42.380000 --> 0:14:48.140000 And I can say, okay, I want this to be retained for, let's say, 60 days. 
0:14:48.140000 --> 0:14:53.520000 And okay. And then of course, I saved that. 0:14:53.520000 --> 0:14:56.260000 Okay, so I've got my advanced data security set up. 0:14:56.260000 --> 0:14:57.740000 I've got my auditing. 0:14:57.740000 --> 0:15:03.580000 Next, I want to take a look at firewalls and virtual networks. 0:15:03.580000 --> 0:15:06.220000 I'm going over to firewalls and virtual networks. 0:15:06.220000 --> 0:15:10.560000 All right, and I can actually deny all public network access. 0:15:10.560000 --> 0:15:15.240000 I can also require a minimal TLS version. 0:15:15.240000 --> 0:15:19.580000 So I say, okay, I want that to be a particular level. 0:15:19.580000 --> 0:15:23.120000 And you are setting that for all SQL database and SQL Data Warehouse associated 0:15:23.120000 --> 0:15:24.040000 with the server. 0:15:24.040000 --> 0:15:26.340000 Remember, I'm on the server right now. 0:15:26.340000 --> 0:15:29.280000 I can set up connection policy. 0:15:29.280000 --> 0:15:34.000000 I can allow Azure services and resources to access the server. 0:15:34.000000 --> 0:15:35.620000 I'm going to say yes on that. 0:15:35.620000 --> 0:15:40.060000 Okay, now I can add a rule for my client IP address. 0:15:40.060000 --> 0:15:42.300000 Actually, I'm going to keep that on no. 0:15:42.300000 --> 0:15:44.300000 And that's fine. 0:15:44.300000 --> 0:15:47.740000 But I don't want to do that right now. 0:15:47.740000 --> 0:15:58.120000 Okay. All right, 16 virtual network. 0:15:58.120000 --> 0:16:02.080000 And what this is going to do is it is going to create a service endpoint. 0:16:02.080000 --> 0:16:05.560000 I'll just keep that rule name, which terrible name, but that's fine. 0:16:05.560000 --> 0:16:10.400000 Okay. And even though there's actually not an app gateway, I provisioned 0:16:10.400000 --> 0:16:14.520000 a virtual machine earlier on this particular subnet. 
0:16:14.520000 --> 0:16:18.340000 Now, because it's entirely possible I was making sure things worked the 0:16:18.340000 --> 0:16:26.960000 way I wanted now. 0:16:26.960000 --> 0:16:30.680000 There are other videos where you go through service endpoints. 0:16:30.680000 --> 0:16:32.860000 So I'm not going to spend too much time on that, but there are two parts 0:16:32.860000 --> 0:16:38.680000 to it. One is setting up the subnet and allowing it to go to specific 0:16:38.680000 --> 0:16:41.600000 resource types such as an Azure SQL database. 0:16:41.600000 --> 0:16:47.300000 And then the other is actually registering it as a service endpoint for 0:16:47.300000 --> 0:16:48.700000 the service itself. 0:16:48.700000 --> 0:16:54.040000 So I'm setting up both the Azure SQL Database service and or in this case, 0:16:54.040000 --> 0:16:57.340000 server and the subnet. 0:16:57.340000 --> 0:17:00.520000 Yeah, I can also set up private endpoints. 0:17:00.520000 --> 0:17:06.220000 And I can control my transparent data encryption, which actually is no 0:17:06.220000 --> 0:17:08.260000 longer optional. 0:17:08.260000 --> 0:17:11.300000 You do have the option of either having a service managed key or a customer 0:17:11.300000 --> 0:17:13.360000 managed key, which is good. 0:17:13.360000 --> 0:17:21.700000 Okay. Now I also know, okay, that was under the advanced data security. 0:17:21.700000 --> 0:17:24.640000 No, not advanced data security. 0:17:24.640000 --> 0:17:28.020000 There we go. Firewalls and minimal and virtual networks. 0:17:28.020000 --> 0:17:32.340000 So the TLS version, right, that's going to allow me to require encrypted 0:17:32.340000 --> 0:17:43.900000 TLS. All right, I want to make sure that I actually I'm going to go into 0:17:43.900000 --> 0:17:45.640000 my SQL database. 0:17:45.640000 --> 0:17:47.840000 Here's my sec DB. 0:17:47.840000 --> 0:17:55.700000 This is the SQL database that I created, frankly, right before this video. 
0:17:55.700000 --> 0:17:59.360000 And what I want to do is I'm going to try and go into the query editor. 0:17:59.360000 --> 0:18:10.160000 All right. And continue and notice, it's going to tell me that this failed. 0:18:10.160000 --> 0:18:14.540000 Oh, well, the reason it's telling me that failed is because I just created 0:18:14.540000 --> 0:18:18.560000 this. And I forgot to do one small thing. 0:18:18.560000 --> 0:18:23.100000 And that is. Oh, good grief. 0:18:23.100000 --> 0:18:26.740000 Let me go back to my SQL server here. 0:18:26.740000 --> 0:18:33.540000 There we go. I forgot to set myself up as the Active Directory admin. 0:18:33.540000 --> 0:18:35.140000 That's important. 0:18:35.140000 --> 0:18:39.780000 All right, you have to create an Active Directory admin prior to being 0:18:39.780000 --> 0:18:45.080000 able to log in with an Active Directory as our Active Directory account. 0:18:45.080000 --> 0:18:47.340000 So I'm going to go to set admin. 0:18:47.340000 --> 0:18:50.340000 Put myself in there. 0:18:50.340000 --> 0:18:56.880000 There we go. And save. 0:18:56.880000 --> 0:19:01.780000 All right, so now I've set up security and I've set up an Active Directory 0:19:01.780000 --> 0:19:05.480000 admin. Now I'm going to go to my database. 0:19:05.480000 --> 0:19:11.240000 And once again, attempt to log in. 0:19:11.240000 --> 0:19:15.140000 Now, as soon as I go there now, I get a different error, but I get it 0:19:15.140000 --> 0:19:19.080000 right away. And the reason I'm getting this error is because it's telling 0:19:19.080000 --> 0:19:27.520000 me that my client address is not allowed access to the server. 0:19:27.520000 --> 0:19:31.080000 So I don't have access to the server right now. 0:19:31.080000 --> 0:19:40.680000 Okay, but as it so happens, I have a remote desktop connection to a virtual 0:19:40.680000 --> 0:19:46.480000 machine that is on that virtual network and on that subnet on the virtual 0:19:46.480000 --> 0:19:49.460000 network. 
Okay, so I just clicked over to that. 0:19:49.460000 --> 0:19:52.640000 And I'm going to go to my SQL servers again. 0:19:52.640000 --> 0:19:55.080000 I could have just gone to databases. 0:19:55.080000 --> 0:19:58.520000 I got an INE DB sec. 0:19:58.520000 --> 0:20:01.740000 And again, go to SQL databases. 0:20:01.740000 --> 0:20:05.680000 And again, go to my sec DB. 0:20:05.680000 --> 0:20:08.720000 And go to my query editor. 0:20:08.720000 --> 0:20:14.200000 And this time, it's going to let me in. 0:20:14.200000 --> 0:20:25.840000 Okay. And if I want to, I can go in there and write a query. 0:20:25.840000 --> 0:20:35.940000 Oh, I created this as a blank. 0:20:35.940000 --> 0:20:42.740000 All right, how about we just go create table. 0:20:42.740000 --> 0:20:48.200000 So what happens when you do things fast, DBO dot T one. 0:20:48.200000 --> 0:20:55.400000 C one int. All right, doesn't really matter what that is. 0:20:55.400000 --> 0:20:56.240000 It's just a quick query. 0:20:56.240000 --> 0:20:57.720000 And I am able to run it. 0:20:57.720000 --> 0:21:02.920000 The point is that I am able to connect to this database through the server 0:21:02.920000 --> 0:21:09.260000 from a virtual machine that is connected via a service endpoint. 0:21:09.260000 --> 0:21:11.820000 And for me, that's actually pretty cool capability, right? 0:21:11.820000 --> 0:21:19.480000 Because that's giving me that ability to really secure my database across 0:21:19.480000 --> 0:21:28.180000 a number of different general security options. 0:21:28.180000 --> 0:21:29.360000 Easy as what I say that. 0:21:29.360000 --> 0:21:33.700000 Now, by the way, if I go to the database, I've gone back to my regular 0:21:33.700000 --> 0:21:36.640000 account. So here's my sec DB. 0:21:36.640000 --> 0:21:38.480000 I really don't want to be in the query editor. 
0:21:38.480000 --> 0:21:43.060000 But if I go down here to auditing at the database level, because I have 0:21:43.060000 --> 0:21:45.100000 turned auditing on. 0:21:45.100000 --> 0:21:52.020000 Okay, I can go over here and notice it says auditing is off for the database, 0:21:52.020000 --> 0:21:54.360000 but server level auditing is enabled. 0:21:54.360000 --> 0:21:57.780000 So now I can go to view my audit logs. 0:21:57.780000 --> 0:22:02.300000 And here, my audit logs, notice I've got database authentication failed. 0:22:02.300000 --> 0:22:09.040000 That was when I forgot that I actually needed to set up my Azure AD authentication. 0:22:09.040000 --> 0:22:10.820000 But here I've got batch created. 0:22:10.820000 --> 0:22:14.060000 And you can see the command that I used, right? 0:22:14.060000 --> 0:22:17.460000 So just a quick recap. 0:22:17.460000 --> 0:22:20.820000 And I've got my database. 0:22:20.820000 --> 0:22:25.780000 I'm going to take that back to normal resolution there for a moment. 0:22:25.780000 --> 0:22:29.920000 Okay, now at the database level, by the way, I have some similar settings, 0:22:29.920000 --> 0:22:33.220000 for example, advanced data security. 0:22:33.220000 --> 0:22:37.840000 And I can see my advanced threat protection, anything happening there 0:22:37.840000 --> 0:22:40.920000 at the database level, my vulnerability assessment, anything happening 0:22:40.920000 --> 0:22:46.580000 there. Okay, and I have no failing security checks, which is good. 0:22:46.580000 --> 0:22:51.980000 Again, we saw auditing, and there are a few other security options for 0:22:51.980000 --> 0:22:55.700000 this database. But that is your database security. 0:22:55.700000 --> 0:22:57.600000 We covered a number of topics. 0:22:57.600000 --> 0:23:01.760000 For example, we talked about just generally speaking. 0:23:01.760000 --> 0:23:07.760000 And the first thing we talked about was our database authentication. 
0:23:07.760000 --> 0:23:11.420000 Right, we talked about database services, security services that are actually 0:23:11.420000 --> 0:23:15.820000 available across the platform as a service offerings, although they vary 0:23:15.820000 --> 0:23:20.820000 somewhat. But the basic concept is there, the basic ideas are though some 0:23:20.820000 --> 0:23:26.260000 are in preview right now for other than an Azure SQL database. 0:23:26.260000 --> 0:23:30.700000 And we also looked at our networking capabilities and how we can constrict 0:23:30.700000 --> 0:23:34.620000 that. And I really just went through and kind of just touched on the different 0:23:34.620000 --> 0:23:36.100000 touch points in and of themselves. 0:23:36.100000 --> 0:23:36.880000 And not that complex. 0:23:36.880000 --> 0:23:38.760000 You want to know about them, right? 0:23:38.760000 --> 0:23:49.560000 Do keep in mind that the advanced threat protection does come with an 0:23:49.560000 --> 0:23:51.440000 Azure database security.