
Azure SQL Data Warehouse is a secure cloud data solution tuned for fast and flexible complex queries across enterprise workloads. While it has become a critical pain-point to address the issues of discovery, classification, and protection of client sensitive data Microsoft announced the public preview of Data Discovery & Classification for Azure SQL Data Warehouse. This feature introduced natively with Azure SQL Data Warehouse remediates the complexity of management of such sensitive data.
Benefits of the Data Discovery & Classification feature:
- Compliance with the industry data privacy standards and regulatory requirements such as General Data Protection Regulation (GDPR).
- Extra security layer for data warehouses
- Monitoring and alerting on unauthorized access to sensitive data
- Data visualization dashboards in the Azure portal
Features of the Data Discovery & Classification for Azure SQL Data Warehouse:
- Auto-discovery and recommendations – data discovery engine scans a data warehouse for potentially sensitive data and provides an easy way to review recommendations and apply appropriate classifications via the Azure portal.
- Sensitivity level classification & labeling – feature allows tagging sensitivity classification labels that persist in the data warehouse.
- Reporting capabilities – dashboards in the Azure portal allow a detailed overview of the data classifications. A complete report in Microsoft Excel format can be downloaded as well.
- Monitoring and audit – the audit feature has been enhanced to log sensitivity classifications and labels returned by the query which provides comprehensive insights on the access statistics.

How it works
Data Discovery & Classification has underlying automated classification engines to identify potentially sensitive data. Next, it provides appropriate recommendations to choose from. The data can be persisted as sensitivity metadata directly in the data warehouse. This allows for manual classification and columns labeling. It is also possible to define custom labels and information types in addition to those available by default.
Using T-SQL to add, remove, and retrieve column classifications across the tables in a data warehouse:
- Add sensitivity classification to add or update the classification on one or more columns
- Drop sensitivity classification to remove the classification from one or more columns
- Use sys.sensitivity classifications to view all classifications in the database
On top of the above features, Azure SQL Data Warehouse engine uses column classifications to determine the sensitivity level of the query results. When combined with Azure SQL Data Warehouse Auditing it allows auditing of the sensitivity level of the data returned by queries.
Data Discovery & Classification for Azure SQL Data Warehouse is available in all Azure regions as part of Advanced Data Security and including Vulnerability Assessment and Threat Detection.
Further reading
- check out online documentation Azure SQL Database Data Discovery & Classification
- Monitoring Access for threats and Securing Data
- Virtual Networks and Security Roadmap
Get the best out of your Azure resources with Netreo
While Microsoft Azure provides basic monitoring and alerting of the status of your resources, users that require advanced monitoring, auto-scaling or self-healing features for their cloud instances, should learn more about Netreo. Along with advanced features designed to keep Azure resources stable, Netreo also provides powerful dashboards, historical reporting, various integrations to popular ITSM and other IT tools and much more.