Security in SQL database in Microsoft Fabric

Applies to: ✅ SQL database in Microsoft Fabric

SQL database in Microsoft Fabric comes with a set of security controls that are on by default or easy to enable, which allows you to easily secure your data.

This article provides an overview of security capabilities in SQL database.

Authentication

Like other Microsoft Fabric item types, SQL databases rely on Microsoft Entra authentication. Once your database is shared with users, they're ready to connect to it with Microsoft Entra authentication.

For more information about authentication, see Authentication in SQL database in Microsoft Fabric.

Access control

You can configure access for your SQL database via two sets of controls:

• Fabric access controls - workspace roles and item permissions. They provide the easiest way to manage access for your databases users.
• Native SQL access controls, such SQL permissions or database-level roles. They allow granular access control. You can configure database-level roles with the Manage SQL security UI in Microsoft Fabric portal. You can configure ot SQL native controls with Transact-SQL.

For more information about access control, see Authorization in SQL database in Microsoft Fabric

Governance

Microsoft Purview is a family of data governance, risk, and compliance solutions that can help your organization govern, protect, and manage your entire data estate. Among other benefits, Microsoft Purview allows you to label your SQL database items with sensitivity labels and define protection policies that control access based on sensitivity labels.

For more information about data governance capabilities of Microsoft Purview for Microsoft Fabric, including SQL database, see:

• Use Microsoft Purview to govern Microsoft Fabric
• Information protection in Microsoft Fabric
• Protection policies in Microsoft Fabric (preview)
• Protect sensitive data in SQL database with Microsoft Purview protection policies

Network security

You can use private links to provide secure access for data traffic in Microsoft Fabric, including SQL database. Azure Private Link and Azure Networking private endpoints are used to send data traffic privately using Microsoft's backbone network infrastructure instead of going across the internet.

For more information about private links, see: Set up and use private links.

Encryption

All database connections use Transport Layer Security (TLS) 1.2 to protect your data in transit.

All your data is encrypted at rest by using Microsoft-managed keys.

Limitations

• Auditing and encryption using customer-managed keys are currently not supported in SQL database in Microsoft Fabric.

Related content

• Authentication in SQL database in Microsoft Fabric
• Authorization in SQL database in Microsoft Fabric
• Protect sensitive data in SQL database with Microsoft Purview protection policies