Use Microsoft Purview DevOps policies to control access and limit insider threats | Data Exposed
Published Apr 26 2023 01:20 PM
Microsoft

Data is at the core of any modern process. To continue to operate, organizations must ensure their databases' integrity and high availability. At the same time, critical IP, customer, and employee information must be protected by ensuring appropriate visibility and preserving user privacy.

 

In this episode of Data Exposed with Anna Hoffman and Vlad Rodriguez, you'll dive into how Microsoft Purview DevOps policies structure the process of granting and revoking access to system metadata views like dynamic management views (DMVs) and dynamic management functions (DMFs). These are queried with SQL and return information about model objects, server and database performance, and server health. DevOps policies give IT operations personnel and other DevOps users access to the information they need to keep databases running and secure.

Access is provisioned from the Microsoft Purview portal, replacing the need for administrators with privileged accounts to configure that access locally, that is, at each SQL Server. Limiting the use of privileged accounts is key to curbing the insider threat. Since access is granted centrally, it can be easily reviewed by auditors, and access that is no longer needed can be easily identified and removed. DevOps policies follow the Principle of Least Privilege (PoLP). They can also be set on entire resource groups and subscriptions, which means they can be enforced uniformly by all SQL servers inside that resource group or subscription. Less expertise is required without compromising security.

 


Last update: Apr 26 2023 01:01 PM