Enable Microsoft Defender for SQL & Data Classification | DP-300 Lab 05 | Dynamic Data Masking

Welcome to Lab 05 of the DP-300 Implementing an Azure SQL Database Administrator certification series! ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ WHAT YOU'LL LEARN IN THIS VIDEO ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ✅ Clone the DP-300 lab repository from GitHub using VS Code ✅ Deploy Azure SQL Server and database using Azure CLI and PowerShell ✅ Enable Microsoft Defender for SQL on an Azure SQL Server ✅ Review Microsoft Defender for Cloud recommendations for Azure SQL ✅ Run a Vulnerability Assessment scan on the AdventureWorksLT database ✅ Review vulnerability findings by risk level — high, medium, and low ✅ Set a Vulnerability Assessment baseline and verify passed security checks ✅ Understand Advanced Threat Protection detection capabilities ✅ Trigger a SQL Injection alert using SSMS with a custom Application Name ✅ Review SQL Injection security alerts in Microsoft Defender for Cloud ✅ Enable Data Discovery and Classification on AdventureWorksLT database ✅ Accept all 15 column classification recommendations in the Azure Portal ✅ Manually add MiddleName column classification — Confidential GDPR label ✅ Configure Dynamic Data Masking (DDM) on FirstName, MiddleName, LastName ✅ Query masked data as admin vs low-privilege user (Bob) using EXECUTE AS ✅ Grant and revoke UNMASK privilege using T-SQL ✅ Clean up lab resources — delete resource group, SQL resources, and LabFiles folder ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🛠️ KEY CONCEPTS COVERED IN THIS LAB ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔹 Microsoft Defender for SQL: • Enable Defender for SQL on Azure SQL Server • Defender for Cloud recommendations and security posture 🔹 Vulnerability Assessment: • On-demand scan and scheduled scanning • Risk levels — High, Medium, Low (CIS benchmarks) • Setting baseline — Add all results as baseline • VA1143 and other vulnerability rule IDs 🔹 Advanced Threat Protection: • SQL Injection detection and alerting • Application Name connection property in SSMS • Potential SQL Injection alert in Defender for Cloud • Vulnerable statement and client application tracking 🔹 Data Discovery and Classification: • SQL Information Protection policy • 15 columns across 5 tables — auto-recommendations • Information type and Sensitivity label assignment • Manual classification — Confidential GDPR 🔹 Dynamic Data Masking (DDM): • Add masking rules on SalesLT.Customer columns • EXECUTE AS USER — simulate low-privilege access • GRANT UNMASK and REVOKE UNMASK T-SQL commands • Admin bypass of masking by default ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ⏱️ ESTIMATED LAB DURATION ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🕐 Approximately 30 minutes ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔗 IMPORTANT LINKS ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📖 Microsoft Learn Lab : https://learn.microsoft.com/en-us/tra... 💻 Github Link : https://microsoftlearning.github.io/d... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📌 EXAM TIPS FOR DP-300 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 💡 Microsoft Defender for SQL includes two key capabilities — Vulnerability Assessment and Advanced Threat Protection. Know what each does independently, as the DP-300 exam tests both separately. 💡 Vulnerability Assessment uses CIS benchmarks to scan for misconfigurations and security risks — setting a baseline means future scans only flag deviations from that baseline, reducing noise. 💡 Advanced Threat Protection detects anomalous activity such as SQL injection, data exfiltration, and brute force attacks — it does NOT prevent them but alerts you so you can investigate and respond. 💡 Dynamic Data Masking operates at the SQL Server level — admin accounts bypass masking by default. Use GRANT UNMASK to give non-admin users access to unmasked data, and REVOKE UNMASK to remove it. 💡 Data Discovery and Classification uses SQL Information Protection policy to recommend sensitivity labels — understand the difference between Information type (e.g. Name, Financial) and Sensitivity label (e.g. Confidential, Confidential GDPR) for the DP-300 exam. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔔 DON'T FORGET ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 👍 Like this video if it helped you 🔔 Subscribe & hit the bell so you don't miss the next lab 💬 Got questions? Drop them in the comments — I reply to every one! ⏮️ PREVIOUS VIDEO → Lab 04: Implement a Secure Environment in Azure SQL ▶️ NEXT VIDEO → Lab 06: Isolate Performance Problems #DP300 #AzureSQL #MicrosoftDefenderForSQL #DataClassification #DynamicDataMasking #DDM #VulnerabilityAssessment #AdvancedThreatProtection #SQLInjection #AzureDBA #SSMS #TSQL #AzureSQLSecurity #DefenderForCloud #AzureCertification #MicrosoftLearn #ExamPrep2026 #DP300Lab #DataDiscovery #GDPR #AzurePortal #SQLSensitivityLabels #UNMASK

Provision SQL Server on Azure Virtual Machine | DP-300 Lab 01 | Azure SQL VM Setup | 2026
▶︎

Provision SQL Server on Azure Virtual Machine | DP-300 Lab 01 | Azure SQL VM Setup | 2026

Provision an Azure SQL Database with Private Endpoint | DP-300 Lab 02 | Virtual Network | SSMS
▶︎

Provision an Azure SQL Database with Private Endpoint | DP-300 Lab 02 | Virtual Network | SSMS

Android 17 sucks. So I put Linux on a phone.
▶︎

Android 17 sucks. So I put Linux on a phone.

Isolate Performance Problems Through Monitoring | DP-300 Lab 06 | Azure SQL | 2026
▶︎

Isolate Performance Problems Through Monitoring | DP-300 Lab 06 | Azure SQL | 2026

Azure Service Endpoint vs Private Endpoint | Which Should You Use?
▶︎

Azure Service Endpoint vs Private Endpoint | Which Should You Use?

Real-Time WebSockets Course | Build a Live Sports Dashboard with Node.js & PostgreSQL
▶︎

Real-Time WebSockets Course | Build a Live Sports Dashboard with Node.js & PostgreSQL

Configure Azure SQL Authentication & Authorization | DP-300 Lab 03 | Microsoft Entra ID | RBAC
▶︎

Configure Azure SQL Authentication & Authorization | DP-300 Lab 03 | Microsoft Entra ID | RBAC

When Stupid Cops Mess With FBI Agent
▶︎

When Stupid Cops Mess With FBI Agent

Something is jamming GPS over Europe. Here's what we found
▶︎

Something is jamming GPS over Europe. Here's what we found

Design Power BI Reports | PL-300 Lab 09 | Slicers, Visuals & Publish to Service | 2026
▶︎

Design Power BI Reports | PL-300 Lab 09 | Slicers, Visuals & Publish to Service | 2026

The French Do Not Care About Work
▶︎

The French Do Not Care About Work

Beginner to T-SQL [Full Course]
▶︎

Beginner to T-SQL [Full Course]

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!
▶︎

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!

Keynote: After the AI Hype – What’s Real, and What’s Next - Richard Campbell - 2026
▶︎

Keynote: After the AI Hype – What’s Real, and What’s Next - Richard Campbell - 2026

System Design Explained: APIs, Databases, Caching, CDNs, Load Balancing & Production Infra
▶︎

System Design Explained: APIs, Databases, Caching, CDNs, Load Balancing & Production Infra

The World's Most Important Machine
▶︎

The World's Most Important Machine

Power Automate Beginner to Pro Tutorial [Full Course]
▶︎

Power Automate Beginner to Pro Tutorial [Full Course]

Kubernetes Tutorial for Beginners [FULL COURSE in 4 Hours]
▶︎

Kubernetes Tutorial for Beginners [FULL COURSE in 4 Hours]

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup
▶︎

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

Free Event: Power BI Beginner to Pro 2026 Edition - Full Hands-On Tutorial
▶︎

Free Event: Power BI Beginner to Pro 2026 Edition - Full Hands-On Tutorial