Azure SQL Database & Synapse Analytics security
(updated 10/28/20). Life would be so much easier if we could just trust everyone, but since we can’t, we need solid security for our databases. Azure SQL Database and Azure Synapse Analytics have many security features to help you sleep well at night. All the features below are available for Azure SQL Database. All of them except Always Encrypted (vote for it) are also available for Azure Synapse Analytics (the GA version):
- Transparent Data Encryption (TDE). Encryption-at-rest. This encrypts your databases, associated backups, and transaction log files at rest without requiring changes to your applications. Bring Your Own Key (BYOK) support. See Transparent data encryption for SQL Database, SQL Managed Instance, and Azure Synapse Analytics
- Always Encrypted. Encryption-in-use. Protects sensitive data without having to relinquish the encryption keys to Azure SQL Database. Data remains encrypted at all times – in transit, in memory, on disk and even during query processing. It is field-level encryption. See Always Encrypted
- Row-level security. Enables fine-grained access control over rows in a table. Useful for multi-tenant data access isolation. See Row-Level Security
- Cell-level encryption. Encrypt a column of data by using symmetric encryption. See Encrypt a Column of Data
- Dynamic data masking. Obfuscate confidential data in the result set of a query. See Dynamic Data Masking
- IP firewall. IP address and port filtering. See Azure SQL Database and Azure Synapse IP firewall rules
- Virtual network firewall. Enable Azure SQL Database to only accept communications that are sent from selected subnets inside a virtual network. See Use virtual network service endpoints and rules for servers in Azure SQL Database
- SQL Authentication, which uses a username and password
- Azure Active Directory Authentication. Simplifies password management by allowing you to connect to a number of Azure services including Azure SQL Database using the same identity. See Use Azure Active Directory authentication
- Server-level and database-level roles. Role-based security allows you to assign permissions to a role, or group of users, instead of to individual users. See Server and Database Roles in SQL Server
- Auditing: Log data access/change trails for regulatory compliance. See Auditing for Azure SQL Database and Azure Synapse Analytics and Monitor your Azure SQL Database Auditing activity with Power BI
- Advanced Threat Detection: Receive alerts on suspicious database activities at the database or logical server level. See Advanced Threat Protection for Azure SQL Database, SQL Managed Instance, and Azure Synapse Analytics
- Secure connection strings: Write secure connection strings for SQL Database. See Transport Layer Security (Encryption-in-transit)
- Vulnerability assessment. Discover, track, and help remediate potential database vulnerabilities. See SQL Vulnerability Assessment helps you identify database vulnerabilities
- Data discovery & classification. Discover, classify, label, and protect sensitive data in databases. See Data Discovery & Classification
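
As an illustration of the row-level security item above, here is a T-SQL sketch of multi-tenant isolation written for Azure SQL Database. It is an added example, not code from the original post or from Microsoft's documentation; the `Security` schema, the `dbo.Orders` table, the `TenantId` session key and the tenant numbers are hypothetical names chosen for the example.

```sql
-- Hypothetical schema: one shared table holding rows for every tenant.
-- GO is the batch separator used by SSMS and sqlcmd.
CREATE SCHEMA Security;
GO
CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY PRIMARY KEY,
    TenantId int NOT NULL,
    Item     nvarchar(100) NOT NULL
);
GO
-- Predicate function: a row qualifies only when its TenantId matches the
-- value the application stored in the session context after authenticating.
-- If the key was never set, SESSION_CONTEXT returns NULL and no row qualifies.
CREATE FUNCTION Security.fn_TenantPredicate (@TenantId int)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS fn_result
       WHERE @TenantId = CAST(SESSION_CONTEXT(N'TenantId') AS int);
GO
-- FILTER predicate: silently hides other tenants' rows from SELECT, UPDATE
-- and DELETE. BLOCK predicate: rejects an INSERT that would create a row
-- belonging to a different tenant than the one in the session context.
CREATE SECURITY POLICY Security.TenantIsolation
    ADD FILTER PREDICATE Security.fn_TenantPredicate(TenantId) ON dbo.Orders,
    ADD BLOCK PREDICATE Security.fn_TenantPredicate(TenantId) ON dbo.Orders AFTER INSERT
    WITH (STATE = ON);
GO
-- Application side, once per connection after the user is authenticated.
-- @read_only = 1 stops later statements on the same connection from
-- switching to another tenant.
EXEC sp_set_session_context @key = N'TenantId', @value = 42, @read_only = 1;

-- The query needs no WHERE TenantId = ... clause; the policy applies the
-- filter to every statement that touches dbo.Orders.
SELECT OrderId, Item FROM dbo.Orders;

-- An insert for a different tenant violates the block predicate and is rejected.
INSERT INTO dbo.Orders (TenantId, Item) VALUES (7, N'widget');
```

The policy applies to every principal that queries the table, so keep permission to alter the security policy and the predicate function away from application accounts.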
More info:
An overview of Azure SQL Database security capabilities
Security Center for SQL Server Database Engine and Azure SQL Database
Security and Azure SQL Database technical white paper
Azure SQL Database security guidelines and limitations
Microsoft Azure SQL Database provides unparalleled data security in the cloud with Always Encrypted