Implement data masking

  1. Home
  2. Implement data masking

Go back to DP-200 Tutorials

In this we will learn about Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics support dynamic data masking. However, Dynamic data masking limits sensitive data exposure by masking it to non-privileged users. And, it helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal impact on the application layer.

Dynamic data masking basics

You set up a dynamic data masking policy in the Azure portal by selecting the Dynamic Data Masking blade under Security in your SQL Database configuration pane.

Dynamic data masking permissions

You should know that, Dynamic data masking can be configured by the Azure SQL Database admin, server admin, or SQL Security Manager roles.

Dynamic data masking policy
  • Firstly, SQL users excluded from masking – A set of SQL users or Azure AD identities that get unmasked data in the SQL query results.
  • Secondly, Masking rules – A set of rules that define the designated fields to be masked and the masking function that is used.
  • Thirdly, Masking functions – A set of methods that control the exposure of data for different scenarios.
DP-200 practice tests

Recommended fields to mask

The DDM recommendations engine, flags certain fields from your database as potentially sensitive fields, which may be good candidates for masking. In the Dynamic Data Masking blade in the portal, you will see the recommended columns for your database. All you need to do is click Add Mask for one or more columns and then Save to apply a mask for these fields.

Set up dynamic data masking for your database using PowerShell cmdlets

Data masking policies

  • Firstly, Get-AzSqlDatabaseDataMaskingPolicy
  • Secondly, Set-AzSqlDatabaseDataMaskingPolicy

Data masking rules

  • Firstly, Get-AzSqlDatabaseDataMaskingRule
  • Secondly, New-AzSqlDatabaseDataMaskingRule
  • Thirdly, Remove-AzSqlDatabaseDataMaskingRule
  • Lastly, Set-AzSqlDatabaseDataMaskingRule
Set up dynamic data masking for your database using the REST API

You can use the REST API to programmatically manage data masking policy and rules. The published REST API supports the following operations:

Data masking policies

  • Firstly, Create Or Update: Creates or updates a database data masking policy.
  • Secondly, Get: Gets a database data masking policy.

Data masking rules

  • Firstly, Create Or Update: Creates or updates a database data masking rule.
  • Secondly, List By Database: Gets a list of database data masking rules.
Implement data masking DP-200 Online course

Reference: Microsoft Documentation

Go back to DP-200 Tutorials

Menu