Azure SQL Database Data Discovery and Classification

In the digital world we are moving to, data privacy and compliance become a key part of the way we drive our business.

Microsoft Azure SQL is making it easier to discover and categorize the data in your database. Data Discovery & Classification (currently in preview) provides advanced capabilities built into Azure SQL Database for discovering, classifying, labeling & protecting the sensitive data in your databases.

Data Discovery & Classification introduces a set of advanced services and new SQL capabilities, forming a new SQL Information Protection paradigm aimed at protecting the data, not just the database:

  • Discovery & recommendations – The classification engine scans your database and identifies columns containing potentially sensitive data. It then provides you an easy way to review and apply the appropriate classification recommendations via the Azure portal.
  • Labeling – Sensitivity classification labels can be persistently tagged on columns using new classification metadata attributes introduced into the SQL Engine. This metadata can then be utilized for advanced sensitivity-based auditing and protection scenarios.
  • Query result set sensitivity – The sensitivity of the query result set is calculated in real time for auditing purposes.
  • Visibility – The database classification state can be viewed in a detailed dashboard in the portal. Additionally, you can download a report (in Excel format) to be used for compliance & auditing purposes, as well as other needs.

Auditing access to sensitive data

An important aspect of the information protection paradigm is the ability to monitor access to sensitive data. Azure SQL Database Auditing has been enhanced to include a new field in the audit log called data_sensitivity_information, which logs the sensitivity classification (labels) of the actual data that was returned by the query.
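
The labeling and auditing features described above can be exercised together in T-SQL. The following is an added example, not code from the original article: the table dbo.Customers, its columns, the label and information-type strings, and the audit storage URL are placeholders, and it assumes auditing to blob storage is already enabled on the database.

```sql
-- Added example. dbo.Customers and its columns are hypothetical;
-- label / information type strings are sample values.

-- 1. Persist sensitivity labels as column metadata in the SQL engine.
ADD SENSITIVITY CLASSIFICATION TO dbo.Customers.Email
    WITH (LABEL = 'Confidential', INFORMATION_TYPE = 'Contact Info');

ADD SENSITIVITY CLASSIFICATION TO dbo.Customers.NationalId
    WITH (LABEL = 'Highly Confidential', INFORMATION_TYPE = 'National ID');

-- 2. Review which columns are classified (the same state the portal
--    dashboard shows), so unlabeled sensitive columns can be spotted.
SELECT SCHEMA_NAME(o.schema_id) AS table_schema,
       o.name                   AS table_name,
       c.name                   AS column_name,
       sc.label,
       sc.information_type
FROM sys.sensitivity_classifications AS sc
JOIN sys.objects AS o
  ON o.object_id = sc.major_id
JOIN sys.columns AS c
  ON c.object_id = sc.major_id
 AND c.column_id = sc.minor_id
ORDER BY table_schema, table_name, column_name;

-- 3. Find audited statements whose result set contained classified data.
--    data_sensitivity_information is only populated for those rows.
--    Replace the placeholder URL with the audit log container path.
SELECT event_time,
       server_principal_name,
       client_ip,
       application_name,
       statement,
       data_sensitivity_information
FROM sys.fn_get_audit_file(
         'https://<storage-account>.blob.core.windows.net/sqldbauditlogs/<server>/<database>/',
         DEFAULT, DEFAULT)
WHERE data_sensitivity_information IS NOT NULL
  AND data_sensitivity_information <> ''
ORDER BY event_time DESC;
```

Grouping the last query by server_principal_name or client_ip gives a quick view of who is reading labeled columns and from where.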
