Skip to main content Why Microsoft Security AI-powered cybersecurity Cloud security Data security & governance Identity & network access Privacy & risk management Security for AI Unified SecOps Zero Trust Microsoft Defender Microsoft Entra Microsoft Intune Microsoft Priva Microsoft Purview Microsoft Sentinel Microsoft Security Copilot Microsoft Entra ID (Azure Active Directory) Microsoft Entra Agent ID Microsoft Entra External ID Microsoft Entra ID Governance Microsoft Entra ID Protection Microsoft Entra Internet Access Microsoft Entra Private Access Microsoft Entra Permissions Management Microsoft Entra Verified ID Microsoft Entra Workload ID Microsoft Entra Domain Services Azure Key Vault Microsoft Sentinel Microsoft Defender for Cloud Microsoft Defender XDR Microsoft Defender for Endpoint Microsoft Defender for Office 365 Microsoft Defender for Identity Microsoft Defender for Cloud Apps Microsoft Security Exposure Management Microsoft Defender Vulnerability Management Microsoft Defender Threat Intelligence Microsoft Defender Suite for Business Premium Microsoft Defender for Cloud Microsoft Defender Cloud Security Posture Mgmt Microsoft Defender External Attack Surface Management Azure Firewall Azure Web App Firewall Azure DDoS Protection GitHub Advanced Security Microsoft Defender for Endpoint Microsoft Defender XDR Microsoft Defender for Business Microsoft Intune core capabilities Microsoft Defender for IoT Microsoft Defender Vulnerability Management Microsoft Intune Advanced Analytics Microsoft Intune Endpoint Privilege Management Microsoft Intune Enterprise Application Management Microsoft Intune Remote Help Microsoft Cloud PKI Microsoft Purview Communication Compliance Microsoft Purview Compliance Manager Microsoft Purview Data Lifecycle Management Microsoft Purview eDiscovery Microsoft Purview Audit Microsoft Priva Risk Management Microsoft Priva Subject Rights Requests Microsoft Purview Data Governance Microsoft Purview Suite for Business Premium Microsoft Purview data security capabilities Pricing Services Partners Cybersecurity awareness Customer stories Security 101 Product trials How we protect Microsoft Industry recognition Microsoft Security Insider Microsoft Digital Defense Report Security Response Center Microsoft Security Blog Microsoft Security Events Microsoft Tech Community Documentation Technical Content Library Training & certifications Compliance Program for Microsoft Cloud Microsoft Trust Center Security Engineering Portal Service Trust Portal Microsoft Secure Future Initiative Business Solutions Hub Contact Sales Start free trial Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Marketplace Rewards Software development companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap

Tags

Content types

Products and services

Topics

This post is authored by Gilad Mittelman, Senior Program Manager, SQL Data Security. 

Data privacy and data security have become one of the most prominent topics in organizations in almost every industry across the globe. New regulations that formalize requirements are emerging around these topics and compel organizations to comply.

The upcoming EU Global Data Protection Regulation (GDPR), which takes effect on May 25, 2018, is one of the most noteworthy of these new regulations. It sets a new global bar for privacy rights, security, and compliance, mandating many requirements and obligations on organizations across the globe. Complying with this regulation will necessitate significant investments in data handling and data protection for a very large number of organizations.

GDPR and Microsoft SQL

SQL Information Protection (SQL IP), now in public preview, complements the existing Microsoft Information Protection (MIP) unstructured data classification framework (Azure Information Protection, Microsoft 365) and extends it with new structured data classification capabilities.

Microsoft SQL customers who are subject to the GDPR, whether managing cloud-based or on-premises databases or both, will need to ensure that qualifying data in their database systems is aptly handled, protected and monitored according to GDPR principles. This means that many customers will need to review or modify their database management and data handling procedures, especially focusing on the security of data processing as stipulated in the GDPR – the first step in this journey to compliance is discovering and tagging where such sensitive data resides within the database environment.

SQL IP introduces advanced capabilities built into Azure SQL Database and SQL Server for discovering, classifying, labeling and protecting the sensitive data in your SQL databases.

Discovering and classifying your most sensitive data (business, financial, healthcare, PII, etc.) can play a pivotal role in your organizational information protection stature. It can serve as infrastructure for:

  • Helping meet data privacy standards and regulatory compliance requirements, such as GDPR.
  • Data-centric security scenarios, such as monitoring (auditing) and alerting on anomalous access to sensitive data.
  • Controlling access to and hardening the security of databases containing highly-sensitive data.

What is SQL Information Protection?

SQL IP introduces a set of advanced services and new SQL capabilities, forming a new information protection paradigm in SQL aimed at monitoring and protecting the data, not just the database:

  • Discovery and recommendations – A built-in classification engine scans your database and identifies columns containing potentially sensitive data. It then provides you an effortless way to review and apply the appropriate classification recommendations via the Azure portal or via SQL Server Management Studio.
  • Labeling – Sensitivity classification labels can be persistently tagged on columns using new classification metadata attributes introduced into the SQL Engine. This metadata can then be utilized for advanced sensitivity-based auditing and protection scenarios.
  • Monitoring/Auditing – Sensitivity of the query result set is calculated in real time and used for auditing access to sensitive data. Additional logic can then be applied on top of the audit logs, for identifying and alerting on anomalous access to sensitive data, data extraction of large volumes of PII, etc.
  • Visibility – The database classification state can be viewed in a detailed dashboard in the portal as seen in Figure 1 below. Additionally, you can download a report (in Excel format) to be used for compliance & auditing purposes, as well as other needs.
Figure 1: Data discovery and classification dashboard

Figure 1: Data discovery and classification dashboard

SQL Information Protection in action – demo video

The following video demonstrates the main SQL Information Protection public preview capabilities for Azure SQL DB and SQL Server:

What’s next?

Additional SQL IP capabilities will continue rolling out throughout the upcoming year, with a focus on scale and automation.

We’ll be introducing centralized management via Azure Security Center, enabling organizations to customize the organizational information protection policy with proprietary labels and discovery (recommendations) logic enrichment. We’ll also be introducing centralized dashboards for visibility into the sensitivity state of all resources across the entire database estate.

In addition, various automation capabilities will be exposed, for supporting fully automated classification and labeling of large numbers of databases at scale.

We encourage customers to contact us with any questions or feedback at sqlsecurityfd@microsoft.com.

Additional resources on SQL Information Protection

More details on using SQL Information Protection can be found in:

Microsoft

Microsoft Security Team

See Microsoft Security Team posts

Related posts

Get started with Microsoft Security

Protect your people, data, and infrastructure with AI-powered, end-to-end security from Microsoft.

Learn how

Connect with us on social

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store support Returns Order tracking Certified Refurbished Microsoft Store Promise Flexible Payments Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education How to buy for your school Educator training and development Deals for students and parents AI for education
Microsoft AI Microsoft Security Dynamics 365 Microsoft 365 Microsoft Power Platform Microsoft Teams Microsoft 365 Copilot Small Business Azure Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Marketplace Rewards Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (United States)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads