In this lab, we will be creating and securing an Azure Synapse Analytics instance. We will secure the environment by creating a delete lock, enabling transparent data encryption, configuring auditing, and configuring a firewall.
Successfully complete this lab by achieving the following learning objectives:
- Provision the Environment
To start our lab, we will provision an Azure Synapse instance. The goal will be a quick refresh on how to provision an instance and quickly navigate the provisioning blades.
Create a Gen2 DW200c instance with a new SQL pool and server. The environment should use sample data as a data source.
Note: Do not select Start Free Trial.
- Create a Delete Lock
In this objective, we will learn how to create a delete lock to service the environment.
- Enable Transparent Data Encryption
Next, we will learn how to enable transparent data encryption to encrypt your databases, backups, and logs at rest.
- Configure Firewall and Network Settings
In this objective, we will review firewalls and learn how to set a minimum TLS version (set to reject any TLS less than 1.0) and how to create a VNet and add our SQL pool to that VNet.
- Configure Auditing
Finally, we will turn on auditing and deposit logs into a storage account.
- Set storage (general purpose v2) as standard and replicate with LRS.
- Set the number of retention days to 180.