A Fine Slice Of SQL Server
Boniface Muchendu looks at some changes:
Power BI includes a powerful feature called Publish to Web, which allows users to share interactive reports publicly without requiring viewers to sign in. While this tool simplifies access, it can also create security risks if misused. In this guide, you’ll learn what “Publish to Web” does, how Microsoft updated it for better governance, and how to manage access responsibly.
Click through to see what’s new.
Leave a CommentHarmeet Gill shows us how we can bring our own keys to data in OneLake:
One of the highly requested features in Microsoft Fabric is now available: the ability to encrypt data in OneLake using your own keys. As organizations face growing data volumes and tighter regulatory expectations, Customer-Managed Keys (CMK) offer a powerful way to enforce enterprise-grade security and ensure strict ownership of encryption keys and access.
With Microsoft’s OneLake, we’ve built a unified data lake that’s open, secure, and ready for enterprise scale. Now, with support for CMK, we’re giving customers the power to take encryption into their own hands.
Read on to learn more about Microsoft’s default for data encryption, and how you can use your own keys to encrypt the data.
Leave a CommentI’ve written previously about auditing or cracking SQL Server login passwords either online (inside the instance itself) or offline (exporting the hashes and using a specialized cracking tool).
Last week, Microsoft’s Pieter Vanhove published a blog post that covers What’s new in SQL Server 2025 security.
This is one of the few instances in which I’d prefer things be slower in the database.
Leave a CommentAaron Merrill shares some news:
It’s been almost 3 months since we announced OneLake security at FabCon 2025 in Las Vegas, and while the interest has not slowed down, we’ve also been working behind the scenes to improve the feature and address your feedback. In this blog post, we’ll go through some of the latest updates on OneLake security including further support for OneLake shortcuts, improved RLS authoring, and updated permissions to manage OneLake security.
Read on to see what has changed.
Leave a CommentKristina Mishra takes us through troubleshooting a problem:
Ah, you’ve setup a deployment pipeline and let your people know it’s ready for them to do the thing. Everything looks fine on your end, so you shoot off a message to the group and go about your busy day. (Nevermind your Test environment was set up 4 months ago, Production 3 days ago, and Development was replaced 2 months ago with a new Development environment because your region changed.) You’ve added all the permission groups to each environment and added your “contributors” as Admin to the deployment pipeline (no comment), so everything should be grand.
Famous last words, indeed.
Leave a CommentOscar Martinez lays out the risks:
Data exfiltration is the act of moving sensitive data outside a trusted environment without authorisation. In the context of Power Query (the data transformation engine behind Excel, Power BI, dataflows, etc.), this means an insider could use a Power Query script to siphon data from secure sources (like databases) out to an external destination. Microsoft defines data exfiltration as the movement of sensitive business data outside a trusted boundary, whether intentionally or unintentionally.^1
Click through to learn more about what is possible, as well as practical tips on how to reduce this risk.
Leave a CommentDavid Seis digs into the Restore-DbaDatabase cmdlet:
In this blog post, we will audit the dbatools command Restore-DbaDatabase. I will test, review, and evaluate the script based on a series of identical steps. Our goal is to provide insights, warnings, and recommendations to help you use this script effectively and safely. Restore-DbaDatabase is powerful tool to automate the restore of any database, and it works well in automated solutions such as daily refreshes or weekly refreshes of production to a lower environment.
David’s blog post takes a look at the cmdlet’s functionality, but also thinking about it from a security perspective.
Leave a CommentAlex Woodie reports on a vulnerability:
The Microsoft Copilot vulnerability, dubbed EchoLeak, was listed as CVE-2025-32711 in the NIST’s National Vulnerability Database, which gave the flaw a severity score of 9.3. According to Aim Labs, which discovered EchoLeak and shared its research with the world last week, the “zero-click” flaw could “allow attackers to automatically exfiltrate sensitive and proprietary information from M365 Copilot context, without the user’s awareness, or relying on any specific victim behavior.” Microsoft patched the flaw the following day.
The blog post linked above is pretty interesting. Microsoft has patched the vulnerability, so this particular attack vector shouldn’t be an issue. But it will certainly open up the doors for more fun ways of exploiting generative AI-based services.
Leave a CommentSoheil Bakhshi continues a series:
Now, in the third and final part of this blog series, we focus on two important areas that are often overlooked:
- What happens when Microsoft Purview sensitivity labels are applied to a report
- How to refine admin portal settings to better control guest users’ access to Fabric
Click through for the conclusion of this series.
Leave a CommentYael Biss doesn’t want people walking off with the data:
As data volume and complexity soar, protecting sensitive information has become non-negotiable. With the latest enhancements to Purview Data Loss Prevention (DLP) Policies in Microsoft Fabric, organizations now have the power to proactively secure their data in Onelake.
Whether you’re just getting started or looking to take your data governance to the next level, following proven best practices will maximize your security, compliance, and productivity.
Click through for several tips on how to use Microsoft Purview DLP in Fabric. One of those tips ought to be “Get a side hustle so you can afford both Purview and Fabric.”
Comments closed