Azure SQL Database Managed Instance (preview) is a new capability of Azure SQL Database, providing near 100% compatibility with SQL server on-premises and a native virtual network (VNet) implementation that addresses common security concerns. With this, existing SQL Server customers can lift and shift their on-premises applications to the cloud with minimal database changes by preserving all PaaS capabilities.
Key features and capabilities of Managed Instance
|Security and compliance
Advanced Security and Compliance
- Managed Instance security isolation: Includes Native Virtual Network implementation, connectivity to on-premises environment using Azure Express Route or VPN Gateway; SQL endpoint is exposed only through a private IP address; and Single-tenant with dedicated underlying infrastructure.
- Auditing for compliance and security: Tracks and writes database events to an audit log in Azure.
- Data encryption in motion: Secures data by providing encryption using Transport Layer Security.
- Dynamic data masking: Limits sensitive data exposure by masking it to nonprivileged users.
- Row-level security: Controls access to rows based on characteristics of the user.
- Threat detection: Provides additional layer of security intelligence that detects unusual behaviour.
- Azure active directory and multi-factor authentication: Centrally manage user identity with AAD integration.