Post Implementation handover: Azure onboarding

Basic recommendations post implementation:

1. Azure SQL Server Firewall: this is disabled during setup with a rule called ALL, you will need to add all public IP’s for your offices and staff homes that require access to the database (note: please add the following for our support team)
   1. 1. Insol 6                  203.59.8.168                    Insol 6 Main Office
      2. client office 1       xxx.xxx.xxx.xxx                Location 1
      3. client office 2       xxx.xxx.xxx.xxx                Location 2
      4. home office         xxx.xxx.xxx.xxx                 You'll need a fixed IP
         
         Note this is for all access.
         
         
      5. All (=FirewallOff )             Start 0.0.0.0       End 255.255.255.255 (Implementation only: remove in production)
         
         
2. Azure SQL Point-in-time restore this gives you rollback capability, but we recommend taking a snapshot of the database weekly the below command creates a .bacpac file that can then be used to restore the database to the existing or to a new azure server.
   
   
3. There is of course a dependency on workstation security being maintained. We assume you have all workstations domain joined either onPrem or AzureAD
   
   
4. Use Microsoft Defender for Cloud a security monitoring solution for SQL and other Azure services
   
   
5. Note all client side access to the database is via a username and password embedded in the Insol6 app and not visible to the user or through the app

Backup Scripting: Download and install SqlPackage - SQL Server | Microsoft Learn

sqlpackage.exe /a:Export /SourceConnectionString:"Server=tcp:CLIENTID.database.windows.net,1433;Initial Catalog=insol6_CLID;Persist Security Info=False;User ID=sysadmin;Password=18ChrComplexPA$$xx;MultipleActiveResultSets=True;Encrypt=True;TrustServerCertificate=True;Connection Timeout=60;" /tf:C:\SQLBACKUP\insol6_CLID.bacpac /p:TargetEngineVersion=Latest