Microsoft has announced a new data protection feature for its SQL Server tool. The new capability enables organizations to classify and protect SQL Server data with Microsoft Information Protection (MIP) sensitivity labels.
If you’re unfamiliar, Microsoft Information Protection is a unified solution that enables customers to discover, classify, and protect data based on its sensitivity level. Essentially, it allows security administrators to monitor sensitive data and information to prevent unauthorized access.
Microsoft explains that SQL Server data protection is based on the same Microsoft Information Protection technology built into the Microsoft 365 services. Companies will be able to apply the sensitivity labels to data via the SQL Server Management Studio (SSMS) tool. The data classification feature is available for SQL Server 2012 and later, and it supports SSMS version 17.5 or newer.
“If you have created standard sensitivity labels in Microsoft 365 and would like the same labels to flow down to SQL Server and other downstream applications like PowerBI, then you have the good news! This new capability in SQL native classification enables you to authenticate to M365 and fetch the sensitivity labels automatically which can then be applied to the critical columns,” the company explained.
To get started, security administrators will need to head to the Microsoft 365 Compliance Center service to define the MIP sensitivity labels. Once done, they can use the SQL Server Management Studio to apply the labels to all data columns in SQL Server. Finally, a classification engine will scan the entire database for sensitive data columns and generate a report that includes recommended classifications.
According to Microsoft, the data classification capability is only available for SQL Server on premises at the moment. However, customers will be able to use this feature in the Azure portal in the coming months.
Microsoft plans to continue extending the SQL Server data classification feature to its data governance service called “Azure Purview.” With this feature, users will be able to apply Azure Purview’s data scanning rules to classify sensitive data stored in the database. This should make it easier for IT Admins to generate reports for auditing and compliance purposes. Interested users can learn more about how to enable sensitivity labels on this support page.