In February 2017, Microsoft announced the general availability of Blob Auditing for Azure SQL Database. While auditing features were available before in Azure, this is a huge leap forward, especially in having more granular control over what audit records are captured. Before Blob Auditing, there was Table Auditing. This is something I like to equate to the C2 auditing feature of SQL Server. It’s only configurable options were ON or OFF. In reality, Table Auditing has a few more controls than that, but you get the idea. There was no way to audit actions against one specific table. Blob Auditing...
Continue reading...Azure
AzureRM Module Version
When working with the AzureRM PowerShell module, remember the module is constantly being updated to take advantage of new features added to Azure. To check the version of the AzureRM module currently installed on your system, use the following command. The screenshot below shows I am running version 1.4.0 and the output of Get-AzureRmSqlDatabaseAuditingPolicy command-let. Next, I install the latest AzureRM module. After the install is complete, I rerun the same commands. The screenshot below shows that I am now running version 3.8.0 followed by the same Get-AzureRmSqlDatabaseAuditingPolicy command-let. Notice the difference in the output? There are several differences, but in...
Continue reading...Configuring the Azure SQL Database Firewall
Azure SQL Database is a Platform as a Service (PaaS) that provides a relational database for use over the internet. That sounds super cool and easy to use. But wait, there’s one word I’d like to highlight in that first sentence: “internet”. Anyone with an internet connection could access your database. Now that’s no cool. So how does Microsoft keep your database safe? The answer is a multipronged approach of using encryption, authentication, authorization, and firewalls. All connections to Azure SQL Database use SSL/TLS to protect your data while “in transit”, and you can use Transparent Data Encryption (TDE) to...
Continue reading...Microsoft Azure Certified
Over the past few months, I have been working diligently to learn more about Azure. As a result of my studies, I have successfully passed the Implementing Microsoft Azure Infrastructure Solutions certification exam (70-533). By far, this is the hardest exam I have taken to date. Over the past 15+ years I have worked very hard to learn as much as possible about SQL Server and the Windows operating systems that it runs on, but that knowledge only took me so far within Azure. I had to look at Azure as an entire suite of products that seamlessly work together, and...
Continue reading...Use PsPing When Working in Azure IaaS
Recently I’ve been learning more about how Azure functions and how it can help my customers. One of the best ways for me to learn about Azure was to build out my own environment using VMs, or Infrastructure as a Service (IaaS). All of that was easy; however, once the VMs were built I soon learned that Azure functions differently than an On-Premise solution. The most basic network connectivity test that administrator use is the PING command. It is part of the ICMP protocol, but it’s disabled by default on each VM that I deployed. While it was easy enough...
Continue reading...
