-**Integrate with Azure Virtual Networks**: Use virtual network rules to allow traffic only from specific subnets within your Azure virtual networks. This provides an additional layer of network isolation beyond IP-based rules. For more information, see [Virtual network rules for Azure SQL Database](vnet-service-endpoint-rule-overview.md).
35
35
36
-
-**Enable connection encryption**: Configure all client connections to use encryption in transit. Azure SQL Database supports TLS 1.2 by default, ensuring data is protected while moving between clients and the database. TLS 1.3 is also available. For more information, see [Connectivity architecture](connectivity-architecture.md).
36
+
-**Enable connection encryption**: Configure all client connections to use encryption in transit. Azure SQL Database supports Transport Layer Security (TLS) 1.2 by default, ensuring data is protected while moving between clients and the database. TLS 1.3 is also available. For more information, see [Connectivity architecture](connectivity-architecture.md).
37
37
38
38
-**Disable public access when using private endpoints**: When using private endpoints, disable public network access entirely to ensure all connections go through the private endpoint. This provides the highest level of network security. For more information, see [Deny public network access](connectivity-settings.md#deny-public-network-access).
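Review bot: The reworded "Enable connection encryption" bullet still says the service "supports Transport Layer Security (TLS) 1.2 by default", which does not tell the reader whether connections using older protocol versions are refused or only that 1.2 is available. Since the bullet's instruction is "Configure all client connections to use encryption in transit", state which side enforces the minimum version and what the client has to set, so the sentence cannot be read as "nothing to configure". Expanding the acronym on first use is fine as is.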
-**Use database roles for access management**: Leverage built-in database roles and create custom roles to implement role-based security. Assign users to roles rather than granting individual permissions to simplify management and reduce errors. For more information, see [Database-level roles](/sql/relational-databases/security/authentication-access/database-level-roles).
73
73
74
-
-**Implement just-in-time access**: Use Azure AD Privileged Identity Management (PIM) to provide time-limited, approval-based access to administrative roles. This ensures users only have elevated privileges when needed. For more information, see [Privileged Identity Management](/azure/active-directory/privileged-identity-management/pim-configure).
74
+
-**Implement just-in-time access**: Use Microsoft Entra Privileged Identity Management (PIM) to provide time-limited, approval-based access to administrative roles. This ensures users only have elevated privileges when needed. For more information, see [Privileged Identity Management](/azure/active-directory/privileged-identity-management/pim-configure).
75
75
76
76
## Data protection
77
77
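Review bot: The link target in the "Implement just-in-time access" bullet was left on the old path, `/azure/active-directory/privileged-identity-management/pim-configure`, while the product name in the same sentence was changed to Microsoft Entra Privileged Identity Management. Update the target to the current Microsoft Entra documentation location in this change so the rename does not depend on a redirect, and check the rest of the file for other remaining "Azure AD" mentions.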
@@ -89,7 +89,7 @@ Data protection safeguards your information through encryption, access controls,
89
89
90
90
-**Implement column-level security**: Grant permissions at the column level to restrict access to sensitive data. Only provide SELECT, UPDATE, or REFERENCES permissions to users who specifically need access to sensitive columns. For more information, see [Column-level security](/sql/relational-databases/security/encryption/encrypt-a-column-of-data).
91
91
92
-
-**Use Row-Level Security (RLS)**: Implement RLS to ensure users can only access data rows that are relevant to them. This provides application-level security without requiring significant application changes and is ideal for multi-tenant scenarios. For more information, see [Row-Level Security](/sql/relational-databases/security/row-level-security).
92
+
-**Use Row-Level Security (RLS)**: Implement RLS to ensure users can only access data rows that are relevant to them. This provides application-level security without requiring significant application changes and is ideal for multitenant scenarios. For more information, see [Row-Level Security](/sql/relational-databases/security/row-level-security).
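Review bot: The Row-Level Security bullet still reads "This provides application-level security without requiring significant application changes", which is misleading because the point of RLS is that the filter is enforced in the database rather than in application code; suggest wording such as "enforces row filtering in the database" while this line is being touched for the "multitenant" spelling. In the context line above it, the "Column-level security" link points at `/sql/relational-databases/security/encryption/encrypt-a-column-of-data`, which is a column encryption article, whereas the bullet describes granting SELECT, UPDATE, or REFERENCES permissions on columns; the target should match the guidance.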