Crash Course: SQL Server Extended Events

I’ve previously written about SQL Server Profiler and its use in diagnosing problematic T-SQL queries, stored procedures, and application behaviours. Although the SQL Server Profiler is very much the trusted tool for doing so it’s actually marked as deprecated by Microsoft. This unfortunately means that it will be removed in a future version of SQL Server.

In place of Profiler there is another feature called Extended Events (also referred to as XEvents or XEs). As Microsoft’s intended replacement for the Profiler it’s important to learn how this feature works in anticipation for a future release of SQL Server where Profiler is no longer available.

A key advantage of Extended Events is that they are less performance intensive than what SQL Server Profiler is and that they are designed to be left running to collect data. You’ll also notice that Extended Event sessions are all done directly in SSMS rather than launching a separate tool. As sessions are stored as objects within the SQL Server instance other DBAs can also make use of them.

Let’s work through a simple Extended Event session that will capture SQL queries being made in an AdventureWorks2022 test database.

Note: the following example was done on SQL Server 2022 CU17 running on Windows Server 2022 update 2025-01. SQL Server Management Studio 20.2 was used

Step 1: Launch SSMS from the start menu, login to the required SQL Server instance. Once you are logged in goto Instance Name > Management > Extended Events

Step 2: Create a session by right clicking the Sessions folder and clicking New Session Wizard.

Step 3: Click Next to skip past the introduction.

Step 4: Give your XEvent Session a descriptive name. For this example I’ve just used Tutorial 01. Click Next to proceed.

Step 5: Although there are some templates to choose from select Do not use a template and click Next.

Step 6: This page now allows you to select events you want to track. Search for the following events and then double click each line to add to the list to the right. Click Next once you have them all:

sql_batch_starting
sql_batch_completed
sp_statement_starting
sp_statement_completed

Step 7: In the list of global events to track let’s select the following and then click Next:

database_name
process_id
sql_text
username

Step 8: For filters I’m going to add in a line to narrow down the XEvent to AdventureWorks2022 using the filter sqlserver.database_name. Click Next once set:

Step 9: Leave the data storage options unchecked for now. We’re only going to demo this XEvent so we aren’t interested in keeping the data. Click Next.

Step 10: Review the summary and click Finish when you are satisfied with your selections.

Step 11: As we’d like to make use of this XEvent straight away check both options on the Summary screen then click Close.

You will then go back into SSMS. Note that the event Tutorial 01 now appears under Instance Name > Management > Extended Events > Sessions in the object explorer and also that a new window for the session events is open.

At this point make a simple select query on AdventureWorks2022. I did a lazy one just for demo:

SELECT * FROM [Person].[Address]

You’ll now see events tracking in the session event window:

What you’ve just done is a simple session event trace but you can use the steps above to further customise your XEvent to capture the information you require.

Conclusion

We’ve discussed what SQL Server Extended Events are, what the advantages are, and performed a tutorial to build a very basic XEvent on a demo database.

If you organisation needs assistance with SQL Server we are here to help. Digital Incite and Matter Ltd’s consultants are SQL Server trained, certified and experienced with a wide variety of business applications. Get in touch with us today to discuss your requirements.

Azure Data Studio Is No More!

In a surprising move Microsoft have announced the retirement of Azure Data Studio on February 6th 2025.

Azure Data Studio was a development environment based on the Electron framework. It was particularly useful for working with SQL Server on Mac OS and Linux systems that SQL Server Management Studio is not available for. It featured an extensions system and connectivity to a number of different database systems. It was included with SQL Server Management Studio (although I found that it was frequently installed and forgotten about).

ADS will remain supported until February 28, 2026 giving time for developers and Mac/Linux DBAs time to transition. With ADS no longer under active development what other Microsoft tools can you use to develop for/on and manage SQL Server instances?

SQL Server Management Studio (SSMS)

The “go-to” tool for SQL Server DBAs and in many cases developers too. The most complete functionality can be found in SSMS such as managing SQL Server Agent jobs which can not be done natively in ADS or VS Code. SSMS is Windows only and does not run on Mac OS or Linux OSes.

SSMS 21 recently went into public preview which introduces 64-bit support, git integration and also many will be pleased to know now includes a dark theme.

VS Code with mssql Extension

VS Code is another Electron based tool with a bustling array of extensions available from the marketplace for not just SQL Server but also possibly every other programming language out there.

Microsoft recommends the mssql extension as the most direct way of transitioning from ADS. It should be noted that the extension apparently not provide feature parity with Azure Data Studio yet; quite a number of features are marked as preview such as Table Designer and Query Plan Visualiser.

Unlike SSMS, VS Code is cross platform and will run on Windows, Mac OS and Linux operating systems.

Like always managing SQL Server can be a challenge if your team aren’t up to date with the various developments in the products and tools available to them. That’s where we, Digital Incite and Matter Ltd, can step in to help you out with your data platform challenges. Get in touch with us today to discuss your needs further.

After The Speech: What Will AI Do For The UK?

AI Opportunities Action Plan announcement graphic.

By now you’ve probably seen or read Sir Keir Starmer’s speech on the Government of the United Kingdom’s AI Opportunities Action Plan.

We’re excited as many are with the potential that AI can bring. In the Prime Minister’s speech his opening remarks were on the diagnosis of a stroke patient who’s blood clot was identified in three minutes using AI. It’s a fine example of how AI can be used to make excellent, meaningful analysis of data quickly and accurately with the overall effect on improving human life.

As with any technological development though we do feel that it’s only appropriate to consider what issues may arise. For example AI systems can be used to generate false or misleading media, harbour biases against certain population demographics that impact quality of life, and not to mention the increasing power draw that these systems require just for the computational power required.

We welcome a slower and more considered approach to AI whilst balancing against ethical considerations. Whilst we agree that AI has huge potential for society and that the UK should strive to be at the forefront of the technological revolution we are also very much aware that it may bring terrible consequences if not handled with ethics in mind. The AI Safety Institute’s safety tests will undoubtedly be closely monitored in the ongoing effort to ensure the considered development of AI technology.

With the announcement also came commitments to relaxing planning permissions to build new data centres in “AI Growth Zones” and support STEM subjects in the education system. Again, we welcome such moves in support of the UK’s IT industry.

As a company Digital Incite and Matter Ltd will be closely following new announcements and developments with AI. For our consultants it forms a core aspect of CPD activities in view of augmenting skills in a variety of sought after IT capabilities. Whether this be for making your organisation’s data available for analysis or further deployment of IT infrastructure we’re here to help as always so do get in touch to discuss your requirements.

What do you feel about the speech? Please let us know in the comments. We’d love to hear from you.

AlwaysOn for High-Availability in SQL Server

It’s very much the case that many organisations rely on a single SQL Server instance to host mission critical ERP, CRM, finance and stock control systems. In the event of a serious issue with your SQL Server instance your organisation will face a system down incident potentially on a mission critical production system.

In SQL Server there are a number of options for disaster recovery and high availability should the worst happen. AlwaysOn is a term used by Microsoft to refer to a number of options for deploying a highly available SQL Server solutions resilient to single points of failure.

You should check with application vendor(s) to confirm support of AlwaysOn technologies. This isn’t just a technological question but also competency from their implementation and support teams too. If you are in the process of or considering a fresh deployment of an application – for example if you are upgrading to the latest version alongside new infrastructure – you should definitely consider including AlwaysOn as part of the solution requirements.

Prior to the introduction of AlwaysOn DBAs would consider using Log Shipping and Database Mirroring however these have now been deprecated in favour of AlwaysOn. If you are using Log Shipping and/or Mirroring for a current deployment use AlwaysOn for any future deployments.

Broadly speaking there are two AlwaysOn methods by which high-availability can be implemented. Both technologies rely on Windows Server Failover Clustering feature to be configured. AlwaysOn options are:

AlwaysOn Availability Groups (AG) provide database level failover and secondary reads for availability databases that are members of an availability group.

If you are using SQL Server Standard Edition the AlwaysOn feature is known as Basic Availability Groups (BAG) and will be limited to two members of which the secondary is read-only.

AlwaysOn Failover Clustering Instances (FCI) as the name implies provides instance level redundancy via active or passive nodes and as such relies on using a shared storage medium such as a shared disk or SAN.

There are advantages and disadvantages to both AlwaysOn methods. Ongoing maintenance from a DBA is necessary to manage the deployment and monitor performance.

Conclusion

In this post we’ve discussed why your organisation should consider adding high-availability options into your Microsoft SQL Server based solution and briefly mentioned the two key methods of achieving such resilience.

If you organisation needs support for AlwaysOn technologies for SQL Server or disaster recovery following an incident Digital Incite and Matter Ltd are here to help you. Please get in touch with us today to discuss your requirements.

Welcome to 2025!

We hope you’ve all had a wonderful Christmas and a happy new year. At Digital Incite and Matter Ltd we’re back for 2025 and ready to take on some fresh challenges.

Some of the IT trends we’re predicting and will be discussing in 2025:

The Role of Generative AI

Nobody can escape the discussion on the role that generative AI is playing out in the workplace. We may still not have the golden goal of general AI but generative AI has done enough to transform society already. Whilst we’re proud to say that all our blog posts to date are all human written we also need to be prepared for a future where AI can do significant things in place of a human.

There are a number of environmental and social issues to deal with here. We’re concerned about over-dependence on such technologies and the massive amounts of energy and hardware needed to make it work. We’re also looking closely about the impact generative AI may have on our society. It’ll be very difficult or even impossible to tell an AI generated story, image or even a video apart from a human made one very soon. With our social and democratic systems already tested to their limits we’ll be paying close attention to generative AI’s impact to balance massive potential with unforeseen dangers.

Who’s Prem is it Anyway?

We’ve noticed a trend whereby cloud contracts signed during the pandemic are being reviewed and considerable issues found with skyrocketing costs and under-delivered services. Frequently we are hearing about workloads being “repatriated” back to a private datacentre with significant cost savings, more reliable service and no issues with vendor lock-ins.

In 2025 we’ll be undoubtedly working with clients that will be carefully considering their choice of datacentre. To keep on premise, move to co-location or re-architect for cloud? Our goal for 2025 will be to make sure we help clients reach the right choice that balances security, environmental and cost efficiency whilst never compromising on data availability.

Continuing Full Fibre and 5G Rollout

It’s hard to believe it’s been around 25 years since BT first launched their “Openworld” ADSL service in the UK. Available to around 30% of UK households when initially launched for £39.99 per month way back in the year 2000. Inflation wise we think that would be around £74 per month in 2024! Subscribers could look forward to a 512 kbps download speed with 256 kbps upload. Often described as a whopping 10 times faster than the pinnacle that was 56k dial-up. Not to mention you didn’t clog the phone up when surfing the net.

25 years later and the market for broadband is now significantly different. Technologies such as XGS-PON that enable speeds of up to 10Gbps not just for businesses but also for households were unthinkable back at the turn of the millennium. Meanwhile mobile operators have been busy building 5G networks that enable low latency internet access of speeds nearing the gigabit mark.

We’re excited to see the applications of both “full fibre” and 5G products as enablers of the future workspace. Internet connections that are faster, far more reliable and consume less energy in operation will make doing business anywhere in the world no just possible but indeed the default. Gone is the world of centralised operations. Your office is truly anywhere. We’re also excited about the green aspect of such technologies which can reduce the need for travel as well as making digital distribution even more possible.

SQL Server 2025

Last but by no means the least is SQL Server 2025. The next iteration of Microsoft’s tried and tested RDBMS solution. We’ve already covered some of the main additions and changes we can expect from SQL Server 2025 in our earlier write up.

We’re looking forward to testing SQL Server 2025 out sometime soon. Upon its release we also will be supporting the business and charitable communities out with upgrades and new builds from day one.

If you choose to remain on an earlier version of SQL Server we’re also here to help. We can offer troubleshooting, health checking and maintenance on your existing SQL Server instances too.

What Else?

Of course we’re expecting some surprises throughout the year. Technology always has the ability to bring in unexpected twists and turns. Regardless of what 2025 brings Digital Incite and Matter Ltd are here to help you and your organisation in 2025.

For a free, no-obligation initial remote consultation please contact us today to discuss your requirements.

Please also feel free to drop us some ideas, questions or even points you disagree on the above in the comments section!

Merry Christmas and a Happy New Year from Digital Incite and Matter Ltd!

This week – in place of our usual content – Digital Incite and Matter Ltd would like to wish you a Merry Christmas and a Happy New Year for 2025.

Christmas tree photo by Brett Sayles: https://www.pexels.com/photo/merry-christmas-sign-1656564/

We hope you have a pleasant and safe holiday. Thank you all for reading the blog and using our services in 2024.

Closed Dates

We’re not available on the following dates over the holidays as we’ll be spending time with friends and family:

Wednesday 25th December
Thursday 26th December
Wednesday 1st January

We’ll be back in full on Thursday 2nd January and look forward to working with you in the new year!

Crash Course: Data Masking in SQL Server

In SQL Server there are a number of different features that can be used to help meet data protection policies and requirements within an organisation. Usually features such as Transparent Data Encryption (TDE) are widely employed to secure data but this doesn’t necessarily protect against accidental disclosure from persons and applications that might have a user within the database. One such feature that I’ve recently been working with is Dynamic Data Masking or DDM.

What is Dynamic Data Masking (DDM) and Why Should I Use It?

Dynamic Data Masking (DDM) was introduced in SQL Server 2016 (also in Azure SQL Database) and is a method to mask sensitive data from disclosure to non-privileged users. A masking function is applied to the data at column level using a DDL (Data Definition Language) statement.

This can be useful to allow a user the ability to select the row from the table in order to be able to design a query or report but then hand the responsibility for running the object back to a privileged user. This way the user without the necessary authorisation within the organisation never sees the sensitive data by accident. Think contractors and consultants.

DDM is applied to the table schema per column. In this example I apply to an existing AdventureWorks2022 test database using the email function.

USE [AdventureWorks2022]
ALTER TABLE [Person].[EmailAddress]
ALTER COLUMN [EmailAddress] ADD MASKED WITH (FUNCTION = 'email()')

Under normal circumstances a user would be able to select out the table and see the complete email address:

As a user without the UNMASK privilege they will see:

In order for a user in a database to be able to select the unmasked data from the table they must be granted the UNMASK privilege.

There are other types of function available to use and even the ability to implement custom masks as per requirements.

Default – full data masking.
Email – Masks the email after the first letter up to the @ and then the domain up to the suffix.
Random – can be used on numeric types to mask the original value with a random value.
Custom String – creates a custom masking method which exposes the first and last letter only with a padding string in the middle.
Datetime (SQL Server 2022 and above) – allows masking segments of a date and/or time.

There are some technical limitations to DDM such as not being able to apply masks to encrypted columns or computed columns. It also doesn’t fully secure data against malicious users who may find other way around the mask.

Conclusion

Dynamic Data Masking or DDM is just one of a number of features available in Microsoft SQL Server that can be used to protect data from leak or exposure. As SQL Server consultants Digital Incite and Matter Ltd can assist with implementing such features. For assistance with DDM or anything SQL Server related get in touch with us today for an initial consultation.

Finding Your Environmentally Sound Windows 10 End of Support Strategy

Last week I attended a discussion in Leeds hosted by Optimo on the subject “Sustainable Bytes: Green Machines”. Of particular interest to the discussion was the upcoming end of support for Windows 10. What this exactly means is that the OS will continue to function but will no longer receive security updates. Without patching against vulnerabilities those Windows 10 PCs will require removal from an organisation as they will pose an unacceptable risk to security. I have seen and heard various statistics but it’s estimated that between 200 – 600 million PCs won’t be able to support the upgrade and as a result will get disposed of. Somehow.

Old computers. Photo by Daniel Dan via Pexels.

Globally e-waste is an increasingly problematic issue that needs desperate attention. Although many of us will go to the effort to recycle devices at the end of their useful life to us it’s not always the case that IT waste is recycled completely. Not all components can be “economically” separated from each other, some components will contain toxic materials and sometimes e-waste is shipped to faraway places where it’s just dumped anyway. That’s regrettably just the start of the problems too.

As a company Digital Incite and Matter Ltd are committed to finding solutions that address the mountain of e-waste humans are leaving behind. So as there’s one year left until Windows 10 is no longer supported by Microsoft here are some strategies that can be used to prevent your otherwise working devices from ending up as scrap.

The first thing you should do is check the upgrade report in the settings app to see what the exact reason you can’t upgrade to Windows 11 for. It may be as simple and straightforward as the TPM hardware is disabled in the firmware settings. In which case check with the PCs documentation for assistance getting to the firmware settings and which setting to enable. You should then check Microsoft’s list of supported Intel or AMD CPUs for Windows 11 to confirm your device is supported.

You can install Windows 11 on unsupported hardware by various means but we’re assuming that your organisation requires official support without complications either from the device manufacturer or Microsoft. We’ll leave you with the idea surrounding that though.

Purchase Extended Security Upgrades (ESU)

An immediate solution without having to do much is to invest in Extended Security Upgrades. The cost of which is $61 per device for year 1. The cost increases each year but there is a discount of 25% if you use Microsoft’s cloud management tools such as Intune. Anyone using Windows 365 receives this for free as well and we understand that educational establishments will also be given a significant discount.

The downside to this solution is that it incurs a significant cost especially in organisations that have many Windows 10 devices. You should also double check with your software vendors as to their support policy for their apps. You may find they drop support for Windows 10 anyway. It also needs to be noted that this solution is for security updates only. There are no bug-fixes, design changes or additional technical support given through this.

We recommend this solution sparingly as the investment can be substantial. If your organisation has a handful of devices nearing the end of service (circa 10 years we try to aim for) then this might prove a good choice in the short-term as opposed to purchasing new devices straight away.

Replace with an Alternative OS

Windows is a favoured choice of many organisations but it’s not the only OS out there. Linux distributions like Ubuntu are increasingly popular and viable in the workplace. Such operating systems are not just trusted, reliable and secure but are also free of cost. This makes it an economical solution for replacing Windows.

A potential downside to using a Linux distro is the software support. Not all application vendors offer support for Linux. Microsoft Office for example does not have support for Linux. Alternatives such as LibreOffice or Collabora office are widely but not completely compatible with Microsoft Office document formats and as such may not 100% fit in with your workflow.

Replacing Windows 10 with a Linux distribution is a great solution as it will allow continued use of the hardware. Organisations that use a browser based workflow should strongly consider this

Reworks

If the only reason you can’t get Windows 11 installed is hardware limitations and alternative OSes aren’t possible then another avenue to explore is the possibility of upgrading or replacing the internals of the device to address whatever incompatibility that has arisen.

If the issue is a lack of support for a TPM (Trusted Platform Module) then the chip can usually be attached to the motherboard header of a desktop PC and can be acquired for around £20. Do check to see if your device just needs firmware based TPM enabled in the settings first however.

Alternatively if the CPU is not supported then looking at upgrading hardware is a nearly last resort. It should be noted that Windows licences are tied to the motherboard (the licence is stored as a firmware variable). As there would be almost certain to have to upgrade the system motherboard to gain a supported CPU (particularly Intel CPUs which generally change socket every generation) you may find having to acquire another licence for Windows anyway. Despite this potentially chassis, power supply, memory, and storage devices can be reused. This would effectively make your device a “custom build” which may still be a good option for higher end devices. Otherwise you may find some of the parts – particularly storage devices, GPUs, and sometimes memory – as useful spares or upgrades for other PCs.

This option is unfortunately a little bit trickier than the others given often limited options particularly around finding compatible upgrades but it’s still worth consideration.

Conclusion

Although the end of Windows 10 means that some hardware becomes “obsolete” it’s definitely not the end of the line.

We call upon Microsoft and their hardware partners to support devices for as long as possible instead of planned obsolescence. The needs of the planet and human society need consideration when an OS becomes “unsupported” rather than shareholder first marketing plans to sell new hardware when the ecosystem struggles to deal with the disposal of the hardware already in circulation. Some models of laptop and unfortunately PCs are becoming harder to upgrade & repair and we don’t agree with that principle at all.

Digital Incite and Matter Ltd are here to help when it comes to creating an environmentally considerate strategy around hardware procurement, service and end of life policy for your organisation. Feel free to get in touch with us for help and assistance.

Microsoft SQL Server 2025 Announced

The next version of SQL Server has been announced at Microsoft IGNITE 2024: SQL Server 2025 will be the next release for the long-running RDMBS. vNext is currently in private preview and will have a heavy focus on AI capabilities. For example vector data used for machine learning is supported as well as support for direct REST interfaces for AI services.

Other particular highlights we’re anticipating include:

Support for Entra ID Managed Identities.
Enhanced performance in the database engine including lock optimisations.
Support for JSON as a native data format.
Support for Regular Expressions (REGEXP_LIKE) in T-SQL.

In addition to the SQL Server platform itself Microsoft also announced that SQL Server Management Studio (SSMS) will receive a number of updates including Git integration, Copilot AI support for help with writing code as well as a much requested dark mode in the UI.

It’s pleasing to see a new release of SQL Server that delivers notable features already introduced in Azure SQL to a product that customers may use in their data centre or via IaaS in the cloud. This will allow customers to utilise a supported release of SQL Server well into 2035 giving enhanced choice in a fluid computing market.

We’re expecting the final release of SQL Server 2025 sometime next year following a private and then public preview. Like all SQL Server releases Digital Incite and Matter Ltd will be at the forefront of new developments and look forward to working with you for your data platform needs. Get in touch with us today to discuss your requirements.

Tips for Deploying Secure Instances of Microsoft SQL Server

Your organisation’s data is a critical asset that needs the upmost care and attention to securely store & manage. For organisations with a Microsoft technology stack – in terms of infrastructure, applications and internal skills – Microsoft SQL Server is a RDBMS of choice designed with security in mind to meet such requirements.

When you deploy an SQL Server instance it’s important to work with your internal IT teams to make your installation secure right from the point of installation. In this blog post I’m going to discuss 5 points I recommend to ensure a secure basis for any SQL Server installation.

Tip 1: Deploy on Windows Server Core. If you can.

Most of us are familiar with the Windows GUI but for Windows Server it’s possible to deploy a reduced install of the OS known as Windows Server Core. This feature was first introduced with Windows Server 2008. This is achieved via a selection of the edition when the OS is first installed and is actually the default choice.

Installing Windows Server as Server Core affords a number of advantages. The principle benefit is that as the install is reduced in terms of components and features compared to a GUI install the attack surface is much reduced. There is also a slight performance advantage in terms of CPU and memory saved by the reduced overhead of the install.

Note that a drawback of a Server Core install is that some features such as SQL Server Reporting Services need the GUI install. If you choose to deploy an application on the same server (typically to save costs if the application only serves a few users) the vendor may also require a full GUI install. You also need to be completely proficient in using CLI based tools or remote management as the usual GUI tools aren’t present.

Tip 2: Apply the Latest Cumulative Update or Security Update

SQL Server generally has a good record when it comes to security vulnerabilities. That being said there has been a number of security issues identified and fixed in SQL Server. Patching just like any other program in use is a necessity.

In SQL Server you have two options regarding your update track. Highly recommended is the apply the latest Cumulative Update (CU). Not only will the instance receive the most up-to-date security fixes but also fixes to other areas of the database server.

Alternatively if your SQL Server instance hasn’t been patched using a CU then it would still be considered “GDR” or General Distribution Release”. These releases will still receive updates without applying a CU typically via Windows Update.

You should also check that on both clients and server that the various SQL Server connectivity drivers are patched up to date if they are mandated by any client applications.

Tip 2: Enable TLS by Applying a Certificate

TLS or Transport Layer Security is an encryption protocol that protects data sent and received between SQL Server and the client. Under principles of Zero Trust you should still take steps to encrypt data in transit even if you own the network SQL Server is running on.

A certificate should be procured either via an internal Certificate Authority (CA) server or via a recognised broker. For testing purposes a self-signed certificate can be used by is not recommended. This then secures application traffic against eavesdropping.

Note that you should never allow connectivity to SQL Server over the internet.

Tip 4: Use Windows Authentication Where Possible

SQL Server can be run in either Windows or Mixed authentication modes. There are a number of drawbacks to using SQL Server’s built-in authentication method. Chiefly is that login passwords get transmitted unencrypted and can be seen using packet sniffing.

For best results leave use Windows Authentication mode only and make sure your applications authenticate via Windows. Certain applications do not support Windows authentication so check carefully with the vendor in case any patches or reconfiguration are required.

Tip 4a: If You Must Use Mixed Authentication Disable the ‘sa’ Account.

The sa account in SQL Server is a very special one. It has the SID of 0x01 and is considered the most powerful account in SQL Server. It’s also the most vulnerable one being so well known. For best results leave sa disabled and rename it. That way it can’t be used to exploit the whole instance.

Tip 5: Consider Firewall Rules

The Windows or Linux firewall should be enabled on each operating system for SQL Server. Connectivity to SQL Server is via the default port 1433/tcp. A rule needs to be in place to allow traffic to and from the server.

Locking down firewall rules to only allow access via known application servers, authorised management PCs and restricted virtual desktops is highly recommended. This effectively stops any malicious login attempts from unauthorised hosts. This can help keep your SQL Server instance safe.

Conclusion

In this post we’ve discussed the importance of protecting your organisation’s data as well as the theory over a number of basic steps for securely deploying SQL Server instances including: secure configuration, updates, firewall controls as well as encryption in transit.

Once the SQL Server instance is promoted to production there are also other features of SQL Server that should be considered such Transparent Data Encryption (TDE) for encrypting SQL Server databases, logs and backups.

If your organisation is facing challenges over securing your SQL Server instances then help is at hand. Digital Incite and Matter Ltd can help further with this challenging subject. We also have experience helping clients with annual security audits. Get in touch with us today for a free initial consultation.