Microsoft Enables SQL Server Information Protection Scheme
The Microsoft Information Protection (MIP) service now works with SQL Server data, and can be applied using SQL Server Management Studio (SSMS), according to a Monday Microsoft announcement.
Organizations can use the sensitivity labels of the Microsoft Information Protection (MIP) service to classify SQL Server data. These labels, which flag the sensitivity of data, can then be applied using the SSMS tool.
This capability within SSMS may be at the preview stage or it may be commercially released. Microsoft didn't describe the release status. However, it's said to be "supported for SQL Server 2012 and later" and works with "SSMS 17.5 or later," per this Microsoft document.
Organizations that have created "standard" sensitivity labels for use with Microsoft 365 services can automatically apply them to SQL Server data, the announcement suggested:
If you have created standard sensitivity labels in Microsoft 365 and would like the same labels to flow down to SQL Server and other downstream applications like PowerBI, then you have the good news! This new capability in SQL native classification enables you to authenticate to M365 and fetch the sensitivity labels automatically which can then be applied to the critical columns
Organizations first create the MIP sensitivity labels using the Microsoft 365 Compliance Center service. They next use SSMS to apply those labels to columns of data in SQL Server, the document explained. With this scheme, a "classification engine" will scan columns of SQL Server data and send a report if there are recommended classifications to enact.
This data classification approach is arriving on the server side first. It's just "currently available for SQL Server on premises only," the announcement explained. "You will be able to see the same functionality in Azure portal in upcoming months," it added.
Microsoft has plans to extend SQL Server data classification to its other tools as well, including integration with Azure Purview, Microsoft's data governance service. The idea is to apply Azure Purview's data scanning rules to classify any sensitive data stored using the SQL Server database management system. When enabled, organizations will be able to create reports for compliance and auditing purposes.
Microsoft generally refers to this process as "SQL data discovery and classification." It's said to go beyond just protecting the database.
"Data Discovery & Classification forms a new information-protection paradigm for SQL Database, SQL Managed Instance, and Azure Synapse, aimed at protecting the data and not just the database," the document indicated.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.