
Security Center for SQL Server Database Engine and Azure SQL Database


Updated: November 23, 2015

Applies To: Azure SQL Database, SQL Server 2016 Preview

This page provides links to help you locate the information that you need about security and protection in the SQL Server Database Engine and Azure SQL Database.



Who Authenticates?

  • [SQL Server, SQL Database] Windows Authentication

  • [SQL Server, SQL Database] SQL Server Authentication

Who Authenticates? (Windows or SQL Server)

Where Authenticated?

  • [SQL Server, SQL Database] At master Database: Logins and DB Users

  • [SQL Server, SQL Database] At User Database: Contained DB Users

Authenticate at the master database (Logins and database users)

Authenticate at a user database

Using Other Identities

  • [SQL Server, SQL Database] Credentials

  • [SQL Server] Execute as Another Login

  • [SQL Server, SQL Database] Execute as Another Database User

Granting, Revoking, and Denying Permissions

  • [SQL Server, SQL Database] Securable Classes

  • [SQL Server] Granular Server Permissions

  • [SQL Server, SQL Database] Granular Database Permissions

Security by Roles

  • [SQL Server] Server Level Roles

  • [SQL Server, SQL Database] Database Level Roles

Restricting Data Access to Selected Data Elements

  • [SQL Server, SQL Database] Restrict Data Access With Views/Procedures

  • [SQL Server, SQL Database] Row-Level Security

  • [SQL Server, SQL Database] Dynamic Data Masking

  • [SQL Server, SQL Database] Signed Objects

Encrypting Files

  • [SQL Server] BitLocker Encryption (Drive Level)

  • [SQL Server] NTFS Encryption (Folder Level)

  • [SQL Server, SQL Database] Transparent Data Encryption (File Level)

  • [SQL Server, SQL Database] Backup Encryption (File Level)

Encrypting Sources

  • [SQL Server] Extensible Key Management Module

  • [SQL Server] Keys Stored in the Azure Key Vault

  • [SQL Server, SQL Database] Always Encrypted

Column, Data, & Key Encryption

  • [SQL Server, SQL Database] Encrypt by Certificate

  • [SQL Server, SQL Database] Encrypt by Symmetric Key

  • [SQL Server, SQL Database] Encrypt by Asymmetric Key

  • [SQL Server, SQL Database] Encrypt by Passphrase

Firewall Protection

  • [SQL Server] Windows Firewall Settings

  • [SQL Database] Azure Service Firewall Settings

  • [SQL Database] Database Firewall Settings

Encrypting Data in Transit

  • [SQL Server, SQL Database] Forced SSL Connections

  • [SQL Server] Optional SSL Connections

Automated Auditing

  • [SQL Server] SQL Server Audit (Server and DB Level)

  • [SQL Database] SQL Database Audit (Database Level)

  • [SQL Database] Threat Detection

Custom Audit

  • [SQL Server, SQL Database] Triggers

  • [SQL Server, SQL Database] Compliance

SQL injection is an attack in which malicious code is inserted into strings that are later passed to the Database Engine for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. All database systems have some risk of SQL injection, and many of the vulnerabilities are introduced in the application that is querying the Database Engine. You can thwart SQL injection attacks by using stored procedures and parameterized commands, avoiding dynamic SQL, and restricting permissions on all users. For more information, see SQL Injection.

Additional links for application programmers:
