--- title: "Security Center for SQL Server Database Engine and Azure SQL Database | Microsoft Docs" ms.custom: "" ms.date: "09/23/2015" ms.prod: "sql-server-2014" ms.reviewer: "" ms.technology: security ms.topic: conceptual f1_keywords: - "Security [SQL Server]" helpviewer_keywords: - "SQL Server, security" - "security [SQL Server]" - "database security [SQL Server]" - "databases [SQL Server], security" ms.assetid: dfb39d16-722a-4734-94bb-98e61e014ee7 author: VanMSFT ms.author: vanto manager: craigg --- # Security Center for SQL Server Database Engine and Azure SQL Database This page provides links to help you locate the information that you need about security and protection in the [!INCLUDE[ssDEnoversion](../../includes/ssdenoversion-md.md)]and [!INCLUDE[ssSDSfull](../../../includes/sssdsfull-md.md)]. > [!NOTE] > The capabilities of [!INCLUDE[ssSDSfull](../../../includes/sssdsfull-md.md)] continue to improve. See the most recent version of this topic for the most recent information about [!INCLUDE[ssSDS](../../includes/sssds-md.md)]. |Authentication: Who are you?|Authorization: What can you do?|Encryption: Storing Secret Data|Connection Security: Restricting and Securing|Auditing: Recording Access| |----------------------------------|-------------------------------------|-------------------------------------|---------------------------------------------------|--------------------------------| |**Who Authenticates?**

[![Security Center Map Windows Authentication](../../database-engine/media/security-center-map-windows-authenticaion.png "Security Center Map Windows Authentication")](https://msdn.microsoft.com/library/ms144284.aspx)



[![Security Center Map SQL Server Authentication](../../database-engine/media/security-center-map-sql-authenticaion.png "Security Center Map SQL Server Authentication")](https://msdn.microsoft.com/library/ms144284.aspx)

**Where Authenticated?**

[![Security Center Map Logins and Users](../../database-engine/media/security-center-map-logins-users.png "Security Center Map Logins and Users")](https://msdn.microsoft.com/library/aa337562.aspx)



[![Security Center Map Contained Database Users](../../database-engine/media/security-center-map-contained-users.png "Security Center Map Contained Database Users")](https://msdn.microsoft.com/library/ff929188.aspx)

**Using Other Identities**

[![Security Center Map Credentials](../../database-engine/media/security-center-map-credentials.png "Security Center Map Credentials")](https://msdn.microsoft.com/library/ms161950.aspx)

[![Security Center Map Execute As Login](../../database-engine/media/security-center-map-exec-as-login.png "Security Center Map Execute As Login")](https://msdn.microsoft.com/library/ms181362.aspx)

[![Security Center Map Execute As User](../../database-engine/media/security-center-map-exec-as-user.png "Security Center Map Execute As User")](https://msdn.microsoft.com/library/ms181362.aspx)

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")|**Granting, Revoking, and Denying Permissions**

[![Security Center Map Securable Classes](../../database-engine/media/security-center-map-securable-classes.png "Security Center Map Securable Classes")](https://msdn.microsoft.com/library/ms190401.aspx)

[![Security Center Map Server Permissions](../../database-engine/media/security-center-map-srv-perms.png "Security Center Map Server Permissions")](https://msdn.microsoft.com/library/ms191291.aspx)

[![Security Center Map Database Permissions](../../database-engine/media/security-center-map-db-perms.png "Security Center Map Database Permissions")](https://msdn.microsoft.com/library/ms191291.aspx)

**Security by Roles**

[![Security Center Map Server Roles](../../database-engine/media/security-center-map-srv-roles.png "Security Center Map Server Roles")](https://msdn.microsoft.com/library/ms188659.aspx)

[![Security Center Map Database Roles](../../database-engine/media/security-center-map-db-roles.png "Security Center Map Database Roles")](https://msdn.microsoft.com/library/ms189121.aspx)

`Restricting Data Access to Selected Data Elements`

[![Security Center Map Views and Procedures](../../database-engine/media/security-center-map-view-procs.png "Security Center Map Views and Procedures")](https://msdn.microsoft.com/library/ms175503.aspx)

[![Security Center Map Row Level Security](../../database-engine/media/security-center-map-row-level-sec.png "Security Center Map Row Level Security")](https://msdn.microsoft.com/library/dn765131.aspx)

[![Security Center Map Dynamic Data Masking](../../database-engine/media/security-center-map-data-masking.png "Security Center Map Dynamic Data Masking")](https://azure.microsoft.com/documentation/articles/sql-database-dynamic-data-masking-get-started/)

[![Security Center Map Signed Objects](../../database-engine/media/security-center-map-signed-objects.png "Security Center Map Signed Objects")](https://msdn.microsoft.com/library/ms181700.aspx)

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")|**Encrypting Files**

[![Security Center Map BitLocker](../../database-engine/media/security-center-map-bitlocker.png "Security Center Map BitLocker")](https://support.microsoft.com/kb/2855131)

[![Security Center Map NTFS Encryption](../../database-engine/media/security-center-map-ntfs-encryp.png "Security Center Map NTFS Encryption")](https://msdn.microsoft.com/library/dd163562.aspx)

[![Security Center Map TDE](../../database-engine/media/security-center-map-tde.png "Security Center Map TDE")](https://msdn.microsoft.com/library/bb934049.aspx)

[![Security Center Map Backup Encryption](../../database-engine/media/security-center-map-backup-encryp.png "Security Center Map Backup Encryption")](https://msdn.microsoft.com/library/dn449489.aspx)

**Encrypting Sources**

[![Security Center Map EKM](../../database-engine/media/security-center-map-ekm.png "Security Center Map EKM")](https://msdn.microsoft.com/library/bb895340.aspx)

[![Security Center Map Azure Key Vault](../../database-engine/media/security-center-map-key-vault.png "Security Center Map Azure Key Vault")](https://azure.microsoft.com/documentation/articles/key-vault-get-started/)

**Column, Data & Key Encryption**

[![Security Center Map Encrypt by Certificate](../../database-engine/media/security-center-map-cert.png "Security Center Map Encrypt by Certificate")](https://msdn.microsoft.com/library/ms188061.aspx)

[![Security Center Map Encrypt by Symmetric Key](../../database-engine/media/security-center-map-sym-key.png "Security Center Map Encrypt by Symmetric Key")](https://msdn.microsoft.com/library/ms174361.aspx)

[![Security Center Map Encrypt by Asymmetric Key](../../database-engine/media/security-center-map-asym-key.png "Security Center Map Encrypt by Asymmetric Key")](https://msdn.microsoft.com/library/ms186950.aspx)

[![Security Center Map Encrypt by Passphrase](../../database-engine/media/security-center-map-passphrase.png "Security Center Map Encrypt by Passphrase")](https://msdn.microsoft.com/library/ms190357.aspx)|**Firewall Protection**

[![Security Center Map Windows Firewall](../../database-engine/media/security-center-map-windows-firewall.png "Security Center Map Windows Firewall")](https://msdn.microsoft.com/library/ms175043.aspx)

[![Security Center Map Service Firewall](../../database-engine/media/security-center-map-service-firewall.png "Security Center Map Service Firewall")](https://msdn.microsoft.com/library/azure/ee621782.aspx)

[![Security Center Map Database Firewall](../../database-engine/media/security-center-map-db-firewall.png "Security Center Map Database Firewall")](https://msdn.microsoft.com/library/azure/ee621782.aspx)

**Encrypting Data in Transit**

[![Security Center Map Forced SSL](../../database-engine/media/security-center-map-forced-ssl.png "Security Center Map Forced SSL")](https://msdn.microsoft.com/library/ms191192.aspx)

[![Security Center Map Optional SSL](../../database-engine/media/security-center-map-opt-ssl.png "Security Center Map Optional SSL")](https://msdn.microsoft.com/library/ms191192.aspx)

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")|**Automated Auditing**

[![Security Center Map SQL Server Audit](../../database-engine/media/security-center-map-sql-audit.png "Security Center Map SQL Server Audit")](https://msdn.microsoft.com/library/cc280386.aspx)

[![Security Center Map SQL Database Audit](../../database-engine/media/security-center-map-sqldb-audit.png "Security Center Map SQL Database Audit")](https://azure.microsoft.com/documentation/articles/sql-database-auditing-get-started/)

**Custom Audit**

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

[![Security Center Map Triggers](../../database-engine/media/security-center-map-triggers.png "Security Center Map Triggers")](https://msdn.microsoft.com/library/ms175941.aspx)

**Compliance**

[![SecCtrCompliance](../../database-engine/media/secctrcompliance.png "SecCtrCompliance")](https://azure.microsoft.com/support/trust-center/services/)

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Placeholder](../../database-engine/media/security-center-map-blankplaceholder.png "Placeholder")

![Security Center Legend](../../database-engine/media/security-center-map-legend.png "Security Center Legend")| ## Links to Specific Related Topics ![Small File Folder Icon](../../integration-services/media/filefolder-small.gif "Small File Folder Icon") **Authentication: Who are you?** **Who Authenticates? (Windows or [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)])** - [Choose an Authentication Mode](choose-an-authentication-mode.md) **Authenticate at the master database** (Logins and database users) - [Create a SQL Server Login](authentication-access/create-a-login.md) - [Managing Databases and Logins in Azure SQL Database](https://msdn.microsoft.com/library/ee336235.aspx) - [Create a Database User](authentication-access/create-a-database-user.md) **Authenticate at a user database** - [Contained Database Users - Making Your Database Portable](contained-database-users-making-your-database-portable.md) **Using Other Identities** - [Credentials (Database Engine)](authentication-access/credentials-database-engine.md) - [Execute as Another Login](/sql/t-sql/statements/execute-as-transact-sql) - [Execute as Another Database User](/sql/t-sql/statements/execute-as-transact-sql) ![Small File Folder Icon](../../integration-services/media/filefolder-small.gif "Small File Folder Icon") **Encryption: Storing Secret Data** **Encrypting Files** - [BitLocker (Drive Level)](https://support.microsoft.com/kb/2855131) - [NTFS Encryption (Folder Level)](https://msdn.microsoft.com/library/dd163562.aspx) - [Transparent Data Encryption (File Level)](encryption/transparent-data-encryption.md) - [Backup Encryption (File Level)](../backup-restore/backup-encryption.md) **Encrypting Sources** - [Extensible Key Management Module](encryption/extensible-key-management-ekm.md) - [Keys Stored in the Azure Key Vault](encryption/extensible-key-management-using-azure-key-vault-sql-server.md) **Column, Data and Key Encryption** - [Encrypt by Certificate](/sql/t-sql/functions/encryptbycert-transact-sql) - [Encrypt by Asymmetric Key](/sql/t-sql/functions/encryptbyasymkey-transact-sql) - [Encrypt by Symmetric Key](/sql/t-sql/functions/encryptbykey-transact-sql) - [Encrypt by Passphrase](/sql/t-sql/functions/encryptbypassphrase-transact-sql) ![Small File Folder Icon](../../integration-services/media/filefolder-small.gif "Small File Folder Icon") **Authorization: What can you do?** **Granting, Revoking, and Denying Permissions** - [Permissions Hierarchy (Database Engine)](permissions-hierarchy-database-engine.md) - [Permissions](permissions-database-engine.md) - [Securables](securables.md) **Security by Roles** - [Server-Level Roles](authentication-access/server-level-roles.md) - [Database-Level Roles](authentication-access/database-level-roles.md) `Restricting Data Access to Selected Data Elements` - Restrict Data Access Using [Views](../views/views.md) and [Procedures](../stored-procedures/stored-procedures-database-engine.md) - [Row-Level Security](https://msdn.microsoft.com/library/azure/dn765131.aspx) - [Dynamic Data Masking](https://azure.microsoft.com/documentation/articles/sql-database-dynamic-data-masking-get-started/) - [Signed Objects](/sql/t-sql/statements/add-signature-transact-sql) ![Small File Folder Icon](../../integration-services/media/filefolder-small.gif "Small File Folder Icon") **Connection Security: Restricting and Securing** **Firewall Protection** - [Configure a Windows Firewall for Database Engine Access](../../database-engine/configure-windows/configure-a-windows-firewall-for-database-engine-access.md) - [Azure SQL Database Firewall Settings](/sql/relational-databases/system-stored-procedures/sp-set-database-firewall-rule-azure-sql-database) - [Azure Service Firewall Settings](/sql/relational-databases/system-stored-procedures/sp-set-firewall-rule-azure-sql-database) **Encrypting Data in Transit** - [Secure Sockets Layer for the Database Engine](../../database-engine/configure-windows/enable-encrypted-connections-to-the-database-engine.md) - [Secure Sockets Layer for SQL Database](https://msdn.microsoft.com/library/azure/ff394108.aspx) ![Small File Folder Icon](../../integration-services/media/filefolder-small.gif "Small File Folder Icon") **Auditing: Recording Access** **Automated Auditing** - [SQL Server Audit (Database Engine)](auditing/sql-server-audit-database-engine.md) - [SQL Database Auditing](https://azure.microsoft.com/documentation/articles/sql-database-auditing-get-started/) **Custom Audit Implementation** - Creating [DDL Triggers](../triggers/ddl-triggers.md) and [DML Triggers](../triggers/dml-triggers.md) ![Small File Folder Icon](../../integration-services/media/filefolder-small.gif "Small File Folder Icon") **Compliance** **SQL Server** - [Common Criteria](https://go.microsoft.com/fwlink/?LinkId=616319) **SQL Database** - [Microsoft Azure Trust Center: Compliance by Feature](https://azure.microsoft.com/support/trust-center/services/) ## See Also [Securing SQL Server](securing-sql-server.md) [Principals (Database Engine)](authentication-access/principals-database-engine.md) [SQL Server Certificates and Asymmetric Keys](sql-server-certificates-and-asymmetric-keys.md) [SQL Server Encryption](encryption/sql-server-encryption.md) [Surface Area Configuration](surface-area-configuration.md) [Strong Passwords](strong-passwords.md) [TRUSTWORTHY Database Property](trustworthy-database-property.md) [Database Engine Features and Tasks](../../database-engine/database-engine-features-and-tasks.md)