I have 7 different SQL Managed Instances which were newly migrated over from SQL VM.
I also have 7 different Azure SQL Databases which were also newly created.
I want to make sure that I completely secure all my SQL MI and Azure SQL to eliminate any security vulnerabilities and also avoid any SQL Injection attacks.
I have already implemented the following -:
- Public Endpoint is enabled and I have setup NSG rules to configure the IP addresses which have inbound access to the SQL MI instances.
I was also doing some reading into some other best practices to secure the SQL Managed Instance and Azure SQL Databases and below are some of the things that I found -:
- Implement Row level security
- SQL Database Auditing
- Always Encrypted feature
- Dynamic Data Masking
- Data Discovery and Classification
I would appreciate if you guys can advise if these are worth looking into and should they be implemented in the environments based on your experience.
Also does implementing any of these best practices degrades the performance.