SQL Database

  1. Enable lockdown of Blob firewall to selected networks for the purposes of storing Azure SQL auditing logs etc

    Enable lockdown of Blob firewall to Selected networks/Trusted Microsoft Services for the purposes of storing Azure SQL auditing logs and Azure SQL Database vulnerability assessments.

    Last thing anyone wants is an internet hack on the blob that contains log files listing your vulnerabilities, users, tablenames and other juicy content found in the audit and scan logs.

    Can hardly believe that this passes any compliance regimens!

    1 vote
    0 comments
  2. Report ResourceWriteSuccess when an Azure SQL Database is renamed via SQL script.

    Azure SQL Server is not reporting an event to ARM to indicate that a database was renamed (ResourceWriteSuccess event would be appropriate). If you have an Event Grid Subscription for the event ResourceWriteSuccess on a resource group, and rename an Azure SQL Database via T-SQL, you will not receive the ResourceWriteSuccess event. I don't know if this is intentional. The SQL Database disappears in the portal, and reappears minutes later with the new name. This indicates to me that a resource was created or updated, according to the definition of the ResourceWriteSuccess event.

    3 votes
    0 comments  ·  Bugs
  3. Create AAD database users when connected as a Service Principal

    When connected to an AAD-enabled Azure SQL database as a Service Principal, additional AAD-sourced users cannot be created.

    For example:

    CREATE USER [username] FROM EXTERNAL PROVIDER

    Will give an error of:

    Principal 'username' could not be resolved.
    Error message: 'AADSTS65002: Consent between first party applications and resources must be configured via preauthorization.
    Visit https://identitydocs.azurewebsites.net/static/aad/preauthorization.html for details

    The documentation linked to is private to Microsoft. However, public documentation does state this use case isn't supported:

    https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure?tabs=azure-powershell#create-contained-database-users-in-your-database-mapped-to-azure-ad-identities
    "In the case that the error says access between first-party applications must be handled via preauthorization, the issue is because the user is…

    23 votes
    2 comments
  4. Allow cross queries in Azure SQL Database in a virtual network without requiring "allow access to azure services" enabled.

    Currently, in order to execute cross queries between two SQL databases on the same virtual network, either the public Microsoft IP address of the Azure location must be whitelisted on the server firewall, or "allow access to azure services" must be enabled. This design limitation defies the intention of the improved security of placing the Azure DBs in a virtual network. Suggestion: allow cross queries between databases in a virtual network without externally exposing those databases to anonymous attacks/connections from outside the virtual network.

    3 votes
    0 comments
  5. There should be an option to downgrade from Azure SQL DWH to Azure SQL.

    There should be an option to downgrade from Azure SQL DWH to Azure SQL.

    1 vote
    0 comments
  6. Automated Backup of SQL DB: Should be visible to customer.

    As of today, we have no visibility of automated backups. Though we rely on Microsoft to have successful backups, as a consumer/customer we should have a listing of backups, showing when each was done and what the status of the backups is.

    1 vote
    0 comments
  7. Azure SQL Server Elastic Pools auto scale - Auto Pilot

    Azure SQL Server Elastic Pools and Databases should have an option to configure max usage and it should scale automatically. We should be charged by its usage. The feature should be similar to the AutoPilot feature of Cosmos DB.

    It takes a lot of work to be able to scale Elastic Pools up and down, and since it is a service it should have this feature.

    3 votes
    0 comments
  8. Completed notification of reconfiguration

    There should be some kind of notification when reconfiguration is completed, especially when it takes more time than normal. There was a situation where a couple of our databases were in pausing status for a very long time (many hours) while reconfiguration was going on. It was annoying not knowing when reconfiguration was completed; instead, you have to check from time to time what the status of the databases is.

    1 vote
    0 comments  ·  Bugs
  9. Maintain PiTR/LTR history after performing a restore

    When a restore is performed for an Azure SQL database, the restored database instance does not carry over the existing PiTR/LTR history. Even if the origination database is deleted, and the restored instance is renamed, the backup history does not carry over to the renamed instance.

    It would be very helpful to either allow an overwrite of the existing database with a PiTR/LTR, or have a way to duplicate the backups from the origination database from geo-replicated blob storage (RA-GRS).

    The following Stack Overflow question may help to understand the issue better:

    https://stackoverflow.com/questions/58097139/restore-azure-sql-db-over-an-existing-db-to-maintain-backup-history

    4 votes
    1 comment
  10. Allow online ALTER of clustered primary key.

    Allow online alter of clustered primary key.

    6 votes
    0 comments
  11. Give an option to create a bacpac file for Azure SQL Data Warehouse

    We have an Azure data warehouse database and we want to take a backup of the objects in it (stored procs, tables and other scripts). It seems like there is an option to create bacpac files using the export option in Azure database, but it is not available for Azure SQL Data Warehouse. Is that correct?

    1 vote
    0 comments
  12. Add support for encryption with 4096-bit keys stored in Azure Key Vault

    Currently the ENCRYPTBYASYMKEY() function only supports an RSA key up to 2048 bits, which is currently not the highest available (https://docs.microsoft.com/en-us/sql/t-sql/functions/encryptbyasymkey-transact-sql?view=sql-server-ver15).

    And also storing a key/certificate inside the database isn't state of the art in 2020.

    So it would be nice if we could see an integration with Azure Key Vault (to store our keys/certificates centrally) for Azure SQL databases. And then indirectly also support 4096-bit keys to encrypt content inside the database.

    9 votes
    0 comments
  13. TempDB Log Used Percent Usage

    The current metric on the Azure portal reflects the current log file usage, even though the file is set to autogrow. Hence the percentage would be better used in comparison to the total file size of the temp log.

    3 votes
    0 comments  ·  Bugs
  14. location

    When using the student account to create the Azure SQL, it always shows that the server location is not available to the subscription.

    1 vote
    0 comments  ·  Bugs
  15. Hyperscale: support for Transparent Data Encryption using Key Vault (BYOK)

    It would be great to have support for Transparent Data Encryption (TDE) using a Key Vault generated key (commonly referred to as Bring Your Own Key or BYOK).

    6 votes
    1 comment
  16. Database Service Objective changer - "Unknown"

    When we perform a Database Service Objective change through T-SQL (SQL Server Management Studio), the details of the operation, such as caller, IP address and event initiated by, are not logged in the Azure portal.

    Sample T-SQL command:
    ALTER DATABASE [DBNAME]
    MODIFY ( EDITION = 'Premium', SERVICE_OBJECTIVE = 'P6')

    5 votes
    0 comments  ·  Bugs
  17. Advance Notification of Azure SQL maintenance

    Customers can receive advance notification for Scheduled Maintenance to Azure SQL Database.
    Currently the notification is sent when an update for Azure SQL is applied.
    But the notification is NOT sent when reconfiguration is performed manually for any maintenance purpose.

    While reconfiguration happens, many batch jobs cannot connect to the database and end abnormally.
    Those batch jobs are very important for their business.
    The customer requests that notification be sent before all maintenance which causes reconfiguration.

    32 votes
    0 comments
  18. You could show the alert message on the portal when changing the default configuration

    You could show the alert message on the portal when changing the default configuration instead of only sending the email.

    Customers may miss the notification email for an upcoming update; it would be better to pop up the alert message while creating the Azure service or on the overview page of the service.

    For example, the backup retention of databases was changed from 35 days to 7 days from 1 July, 2019. There is no option to change the backup retention days while creating the Azure SQL/SQL Database.

    It would be helpful if you showed the notification in the Azure SQL Database overview or when creating the configuration.

    6 votes
    0 comments
  19. SQL Database and SQL Server auditing settings should allow disabling BATCH_COMPLETED_GROUP

    I want to disable BATCH_COMPLETED_GROUP when forwarding auditing logs to Log Analytics workspaces and choose a setting that better satisfies my auditing requirements as described here: https://docs.microsoft.com/en-us/azure/templates/microsoft.sql/2017-03-01-preview/servers/databases/auditingsettings#databaseblobauditingpolicyproperties-object.

    When enabling either or both SQL Database and Azure SQL Server auditing, you also need to enable the diagnostic setting 'SQLSecurityAuditEvents'. This comes with the default setting to log events from the BATCH_COMPLETED_GROUP. This logs all T-SQL statements issued on the database.

    Right now, important statements as ALTER USER and ALTER ROLE are drowned out by the noise created by harmless statements. And these harmless statements also increase…

    3 votes
    0 comments
  20. point in time restore - to validate the target database tier if it will fit database size before starting the restore process

    point in time restore - to validate the target database tier if it will fit database size before starting the restore process

    1 vote
    0 comments