SQL Information Protection for Azure and On-prem

Microsoft announced the public preview of SQL Information Protection, introducing advanced capabilities built into Azure SQL Database and on-premises SQL Server via SQL Server Management Studio for discovering, classifying, labeling, and protecting the sensitive data in your databases.

  • Helping meet data privacy standards and regulatory compliance requirements, such as GDPR.
  • Data-centric security scenarios, such as monitoring (auditing) and alerting on anomalous access to sensitive data.
  • Controlling access to and hardening the security of databases containing highly sensitive data.

What is SQL Information Protection?

SQL Information Protection (SQL IP) introduces a set of advanced services and new SQL capabilities aimed at protecting the data, not just the database:

  • Discovery and recommendations – The classification engine scans your database and identifies columns containing potentially sensitive data. It then provides you an easy way to review and apply the appropriate classification recommendations via the Azure portal.
  • Labeling – Sensitivity classification labels can be persistently tagged on columns using new classification metadata attributes introduced into the SQL engine. This metadata can then be utilized for advanced sensitivity-based auditing and protection scenarios.
  • Monitoring/Auditing – Sensitivity of the query result set is calculated in real time and used for auditing access to sensitive data (currently in Azure SQL DB only).
  • Visibility – The database classification state can be viewed in a detailed dashboard in the portal. Additionally, you can download a report, in Excel format, to be used for compliance and auditing purposes, as well as other needs.

Additional SQL IP capabilities will continue rolling out throughout 2018.

How does SQL Information Protection work?

SQL IP was designed with the goal of streamlining the process of discovering, classifying, and labeling sensitive data in your database environment.

A built-in automated classification engine identifies columns containing potentially sensitive data and provides a list of classification recommendations. You can also manually classify and label your columns.


Once you classify and label your data, a dashboard provides visibility into the classification state of your database, as well as the ability to export and download a classification report in Excel format.


Finally, the SQL engine utilizes the column classifications to determine the sensitivity of query result sets. Combined with Azure SQL Database Auditing, this enables you to audit the sensitivity of the actual data being returned by queries.
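
The labeling, visibility and auditing flow described above, as an added T-SQL example that is not from the original post. It assumes an engine that exposes the ADD SENSITIVITY CLASSIFICATION statement and the sys.sensitivity_classifications catalog view; the table dbo.Customers, its columns, the label and information-type strings, and the audit storage URL are hypothetical placeholders.

```sql
-- Hypothetical table used only for this example.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    FullName   NVARCHAR(200) NOT NULL,
    Email      NVARCHAR(320) NOT NULL,
    NationalId CHAR(11)      NULL,
    Notes      NVARCHAR(MAX) NULL
);
GO

-- Labeling: persist classification metadata on the columns themselves.
-- Label and information-type strings are sample values chosen for this example.
ADD SENSITIVITY CLASSIFICATION TO dbo.Customers.FullName, dbo.Customers.Email
    WITH (LABEL = 'Confidential', INFORMATION_TYPE = 'Contact Info');
ADD SENSITIVITY CLASSIFICATION TO dbo.Customers.NationalId
    WITH (LABEL = 'Highly Confidential', INFORMATION_TYPE = 'National ID');
GO

-- Visibility: list every column of the table with its classification.
-- Columns with a NULL label (CustomerId, Notes here) have not been classified
-- and are the ones to review, e.g. free-text fields that may hold personal data.
SELECT c.name AS column_name, sc.label, sc.information_type
FROM sys.columns AS c
LEFT JOIN sys.sensitivity_classifications AS sc
       ON sc.major_id = c.object_id
      AND sc.minor_id = c.column_id
WHERE c.object_id = OBJECT_ID(N'dbo.Customers')
ORDER BY c.column_id;
GO

-- Auditing (Azure SQL Database, auditing to blob storage assumed enabled):
-- return only audited statements whose result set included classified columns.
-- The URL below is a placeholder for your own audit log location.
SELECT event_time,
       server_principal_name,
       client_ip,
       statement,
       data_sensitivity_information
FROM sys.fn_get_audit_file(
         'https://<storage-account>.blob.core.windows.net/sqldbauditlogs/<server>/<database>/',
         DEFAULT, DEFAULT)
WHERE data_sensitivity_information IS NOT NULL
  AND data_sensitivity_information <> ''
ORDER BY event_time DESC;
```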


Get started today!

You can try out SQL Information Protection today for improved visibility into your database environment, as well as for monitoring access to your sensitive data.

More details on using SQL Information Protection can be found below:
