1
00:00:00,250 --> 00:00:01,200
Welcome back.

2
00:00:01,200 --> 00:00:05,170
In this lesson, we are going to talk about "Auditing Data".

3
00:00:05,170 --> 00:00:06,950
So what does that mean, exactly?

4
00:00:06,950 --> 00:00:09,640
Well, we're going to talk about why we audit.

5
00:00:09,640 --> 00:00:11,320
We're going to talk about the Azure services

6
00:00:11,320 --> 00:00:12,840
that we can audit in.

7
00:00:12,840 --> 00:00:14,210
And then we're going to take a live look

8
00:00:14,210 --> 00:00:17,313
at how we actually configure auditing in Azure.

9
00:00:18,200 --> 00:00:21,163
So with that, let's take a look at why we audit.

10
00:00:22,140 --> 00:00:25,460
Well, the first reason is tracking database events.

11
00:00:25,460 --> 00:00:28,300
So we might have security concerns, and we want

12
00:00:28,300 --> 00:00:30,000
to look for anomalies.

13
00:00:30,000 --> 00:00:31,530
Things that don't fit in.

14
00:00:31,530 --> 00:00:34,110
This is an excellent reason to audit.

15
00:00:34,110 --> 00:00:36,910
Second reason, regulatory compliance.

16
00:00:36,910 --> 00:00:39,300
So this is not the only factor, usually,

17
00:00:39,300 --> 00:00:42,040
but auditing database events might be something

18
00:00:42,040 --> 00:00:44,933
that you have to do because of regulatory issues.

19
00:00:45,950 --> 00:00:47,690
Third, we want to look at trends.

20
00:00:47,690 --> 00:00:50,890
So this falls into security, like I mentioned in the first,

21
00:00:50,890 --> 00:00:53,670
and this also falls into operations as well.

22
00:00:53,670 --> 00:00:56,940
Because we can start to see maybe database events

23
00:00:56,940 --> 00:00:58,320
that aren't optimized.

24
00:00:58,320 --> 00:01:03,320
And so we can figure out ways to increase resources,

25
00:01:03,360 --> 00:01:06,890
or ways to redefine database events,

26
00:01:06,890 --> 00:01:09,220
or when those database events happen

27
00:01:09,220 --> 00:01:12,100
in order to streamline and optimize the environment.

28
00:01:12,100 --> 00:01:15,380
So this is just a couple of reasons why we want to audit.

29
00:01:15,380 --> 00:01:17,320
Now, let's talk about where we audit.

30
00:01:17,320 --> 00:01:20,880
Well, as far as the DP-203 is concerned,

31
00:01:20,880 --> 00:01:24,790
Synapse and SQL Database, and that is as a feature.

32
00:01:24,790 --> 00:01:26,410
And you'll see what I mean by that in a minute,

33
00:01:26,410 --> 00:01:29,280
but there's basically a box that says 'auditing',

34
00:01:29,280 --> 00:01:33,030
and we can audit in Synapse and SQL Database.

35
00:01:33,030 --> 00:01:34,950
However, there are several other places

36
00:01:34,950 --> 00:01:36,680
as a practice, right?

37
00:01:36,680 --> 00:01:39,460
You can audit in quite a few different areas,

38
00:01:39,460 --> 00:01:40,430
and you should be auditing

39
00:01:40,430 --> 00:01:42,550
in quite a few different areas in Azure,

40
00:01:42,550 --> 00:01:45,910
just not necessarily by clicking on the Audit button.

41
00:01:45,910 --> 00:01:49,300
So for the DP-203, when we talk about auditing,

42
00:01:49,300 --> 00:01:52,490
think about Synapse and SQL Database as a feature.

43
00:01:52,490 --> 00:01:55,670
Again, you'll see what I mean here in just a second.

44
00:01:55,670 --> 00:01:57,750
So with that, let's actually jump into the portal

45
00:01:57,750 --> 00:02:00,223
and let's take a look at auditing.

46
00:02:01,400 --> 00:02:04,830
So here, we find ourselves in my Synapse workspace.

47
00:02:04,830 --> 00:02:07,050
Now, the first thing you need to understand is

48
00:02:07,050 --> 00:02:08,470
if you want to turn on auditing,

49
00:02:08,470 --> 00:02:11,050
you need to do that from within a pool.

50
00:02:11,050 --> 00:02:11,883
So we're going to go ahead

51
00:02:11,883 --> 00:02:15,060
and click on my SQL pool that I've created.

52
00:02:15,060 --> 00:02:17,520
And once we do that, you'll notice that down here

53
00:02:17,520 --> 00:02:21,170
under Security, I now have an Auditing tab.

54
00:02:21,170 --> 00:02:23,420
And I can click on Auditing.

55
00:02:23,420 --> 00:02:25,660
So I have a couple of different options here.

56
00:02:25,660 --> 00:02:28,370
The first is, I need to choose whether I just want

57
00:02:28,370 --> 00:02:32,885
to have auditing for this specific SQL pool, or

58
00:02:32,885 --> 00:02:36,000
whether I want to have auditing on for the entire workspace.

59
00:02:36,000 --> 00:02:38,160
If I want to have it on for the entire workspace,

60
00:02:38,160 --> 00:02:42,740
I'm going to click on this, and then I'll just turn it on.

61
00:02:42,740 --> 00:02:46,330
Or, I can also come back and I can just turn it on

62
00:02:46,330 --> 00:02:48,140
for my SQL pool event.

63
00:02:48,140 --> 00:02:50,590
And once I do that, it's going to ask me where I want

64
00:02:50,590 --> 00:02:53,270
to store my log information.

65
00:02:53,270 --> 00:02:55,200
So I can choose a Log Analytics account,

66
00:02:55,200 --> 00:02:57,040
or I can choose a storage account,

67
00:02:57,040 --> 00:02:59,830
or an event hub that I want to pass the data through.

68
00:02:59,830 --> 00:03:02,510
And so I'm going to choose where I want to have it stored.

69
00:03:02,510 --> 00:03:04,110
And so for this case, let's just go ahead

70
00:03:04,110 --> 00:03:06,720
and pick one of my Log Analytics accounts,

71
00:03:06,720 --> 00:03:08,840
and I'll go ahead and click on Save.

72
00:03:08,840 --> 00:03:11,460
And you'll see that, that quickly, it has now saved

73
00:03:11,460 --> 00:03:12,730
my auditing settings.

74
00:03:12,730 --> 00:03:16,030
And I will now be tracking those database events

75
00:03:16,030 --> 00:03:21,030
in this specific SQL pool, but not at the workspace level.

76
00:03:22,530 --> 00:03:24,557
That's it. It's pretty easy to turn on,

77
00:03:24,557 --> 00:03:26,660
but it is something that you need to configure

78
00:03:26,660 --> 00:03:29,470
and turn on if you want to use it.

79
00:03:29,470 --> 00:03:31,120
So with that, let's jump in and talk

80
00:03:31,120 --> 00:03:33,580
about just a couple of key points to remember.

81
00:03:33,580 --> 00:03:35,680
First off, auditing is useful

82
00:03:35,680 --> 00:03:38,180
for security, compliance, operations.

83
00:03:38,180 --> 00:03:39,421
You should be auditing,

84
00:03:39,421 --> 00:03:41,080
whether you're clicking the button to audit,

85
00:03:41,080 --> 00:03:43,460
or whether you're manually setting up auditing

86
00:03:43,460 --> 00:03:45,240
through Log Analytics or something else.

87
00:03:45,240 --> 00:03:46,483
You need to be auditing.

88
00:03:47,650 --> 00:03:51,260
Next, auditing is used in SQL Database and Synapse.

89
00:03:51,260 --> 00:03:54,090
So this is specifically for the DP-203.

90
00:03:54,090 --> 00:03:56,540
You saw the little box, we clicked on the Auditing.

91
00:03:56,540 --> 00:03:59,800
That's how we set it up in SQL Database and Synapse.

92
00:03:59,800 --> 00:04:03,480
Keep in mind, SQL Database is not on the DP-203.

93
00:04:03,480 --> 00:04:07,123
And this could be set at the server or the database level.

94
00:04:08,010 --> 00:04:09,630
All right, that's it.

95
00:04:09,630 --> 00:04:11,230
I'll see you in the next lesson.