Workshop: SQL Server Security vs. Security Theater: Build a Defensible Data Estate
- Event website: https://passdatacommunitysummit.com/east/
Abstract:
Stop the “Security Theater” and build a truly defensible data platform. This full-day workshop on security for SQL databases across SQL Server, Azure SQL, and Fabric is driven by real security risks encountered – and abused – in the field.
Common security recommendations often focus blindly on features like Transparent Data Encryption (TDE) or flagging sysadmin membership without providing practical guidance. This approach creates a false sense of security or unnecessary alarmism while leaving actual attack paths ignored.
This PreCon focuses on what actually holds up in real environments. Based on real-world assessments and breach scenarios, you will learn how attackers move through database environments – and how to make their job harder, limit blast radius, and detect them earlier using practical approaches grounded in Zero Trust and real-world operability.
We will also look at what auditors actually check – and where common implementations fall short.
Drawing on 25+ years in the field – including leading security feature development for SQL Server and Azure SQL at Microsoft, contributing to the SQL Server 2022 permission model, and advancing vulnerability assessment and Microsoft Purview-based governance capabilities – Andreas Wolter provides an inside-out view of the built-in security features, how to use them effectively and where there are gaps to consider.
We move beyond checkboxes and learn about:
- Identity and authentication: SQL vs Windows AD vs Entra ID, NTLM deprecation, Kerberos readiness, service account hygiene, and where platform changes in SQL Server 2025 improve security.
- Access control in practice: roles, permissions, and common escalation paths, applying Least Privilege to minimize the blast radius.
- Data protection: encryption strategies and tamper evidence with Database Ledger.
- Auditing and detection: building a minimal viable audit, Extended Events vs Auditing.
- Network and system security configuration: what to avoid, what to use, and why it matters.
- Security implications through Fabric OneLake.
- Microsoft Purview for Data Discovery and Data Governance (intro).
...and of course, demos of privilege escalation and authorization bypasses, and how to prevent them.