Know all about Azure Security

Deepthi Goguri
Database Administrator
Automatic Summary

Securing Your Data in Azure: Essential Tips from the Women in Technology Global Conference 2023

Cybersecurity matters everywhere, and it matters especially for data held on cloud platforms such as Microsoft Azure. Deepthi Goguri, a Database Administrator and Microsoft Most Valuable Professional (MVP) for the data platform, presented a session on Azure SQL security concepts at the Women in Technology Global Conference 2023. This summary walks through the key points of her session and the practical checks that follow from them.

Understanding the Layers of Azure Security

Just like a bank uses multiple security measures to protect its vault, Azure implements several layers of security to guard your data. Let's explore these layers in detail:

1. Network Security

Network security is Azure's outermost layer, the equivalent of the bank's parking-lot cameras and the lock on the front door. For an Azure SQL logical server the public-access options, from least to most secure, are:

  • Allow Azure services and resources to access this server: a single on/off switch. When it is on, any resource hosted in Azure, including resources in other customers' subscriptions, can reach the server's public endpoint. Convenient for a throwaway developer database, not acceptable for production data, and it still does not admit on-premises clients.
  • Firewall rules: allow-lists of client IP ranges, set at the server level (all databases) or the database level (one database). They let on-premises servers and named client addresses connect, but the server is still reached through its public IP, and the public DNS chain still reveals the regional gateway (control ring) it sits behind.
  • Virtual network rules: admit traffic from chosen subnets of an Azure virtual network (the subnet needs the Microsoft.Sql service endpoint; other networks can reach it over VNet peering or a VNet-to-VNet VPN). One rule replaces many per-client firewall rules, but the traffic still terminates on the public endpoint.
  • Private endpoints (Azure Private Link): the server gets a private IP address inside your virtual network, every client, in Azure or on-premises over VPN/ExpressRoute, connects through that address, and public network access can be denied outright. Inside that network the server name resolves to the private address, so a lookup no longer reveals a public IP or where the server is hosted.
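The first two options in that list are visible from inside the server: the Azure-services switch and the IP firewall rules are rows in master that can be read and set with T-SQL. The following is an added example written for this summary, not code from the session or from Microsoft; the rule names and the 203.0.113.x addresses are placeholders, and the 256-address threshold in the last query is an arbitrary choice for the example. Virtual network rules and private endpoints cannot be managed from T-SQL; they are set in the portal, the CLI or ARM.

```sql
-- Run in master, connected as the server admin or the Azure AD admin of the server.
-- Azure SQL Database has no USE statement: connect to master explicitly.

-- 1. Inventory every server-level rule. The portal switch "Allow Azure services and
--    resources to access this server" is stored here as a rule whose start and end
--    address are both 0.0.0.0; the portal names it AllowAllWindowsAzureIps.
SELECT name, start_ip_address, end_ip_address, create_date, modify_date
FROM sys.firewall_rules
ORDER BY name;

-- 2. The least secure option, created by hand so you recognise it in an audit:
--    any resource hosted in Azure, in any subscription or tenant, passes this rule.
--    The statement after it removes it again.
EXEC sp_set_firewall_rule @name = N'AllowAllWindowsAzureIps',
                          @start_ip_address = '0.0.0.0',
                          @end_ip_address   = '0.0.0.0';
EXEC sp_delete_firewall_rule @name = N'AllowAllWindowsAzureIps';

-- 3. A server-level rule for a single on-premises egress address (placeholder).
--    It applies to every database on the server.
EXEC sp_set_firewall_rule @name = N'hq-office-egress',
                          @start_ip_address = '203.0.113.10',
                          @end_ip_address   = '203.0.113.10';

-- 4. A narrower alternative: a database-level rule applies to one database only.
--    Run these two while connected to that user database rather than master.
EXEC sp_set_database_firewall_rule @name = N'reporting-vm',
                                   @start_ip_address = '203.0.113.20',
                                   @end_ip_address   = '203.0.113.20';
SELECT name, start_ip_address, end_ip_address FROM sys.database_firewall_rules;

-- 5. Review: size every server-level range and flag the broad ones.
--    0.0.0.0-0.0.0.0 is the Azure-services switch, 0.0.0.0-255.255.255.255 is the
--    whole internet, and anything wider than 256 addresses gets a second look.
WITH rules AS (
    SELECT name, start_ip_address, end_ip_address,
           CAST(PARSENAME(start_ip_address, 4) AS bigint) * 16777216
         + CAST(PARSENAME(start_ip_address, 3) AS bigint) * 65536
         + CAST(PARSENAME(start_ip_address, 2) AS bigint) * 256
         + CAST(PARSENAME(start_ip_address, 1) AS bigint) AS start_int,
           CAST(PARSENAME(end_ip_address, 4) AS bigint) * 16777216
         + CAST(PARSENAME(end_ip_address, 3) AS bigint) * 65536
         + CAST(PARSENAME(end_ip_address, 2) AS bigint) * 256
         + CAST(PARSENAME(end_ip_address, 1) AS bigint) AS end_int
    FROM sys.firewall_rules
)
SELECT name, start_ip_address, end_ip_address,
       end_int - start_int + 1 AS address_count,
       CASE
           WHEN start_ip_address = '0.0.0.0' AND end_ip_address = '0.0.0.0'
               THEN 'Allow Azure services: any Azure tenant can reach the public endpoint'
           WHEN end_int - start_int + 1 > 256
               THEN 'Too broad: narrow to the real client addresses'
           ELSE 'OK'
       END AS verdict
FROM rules
ORDER BY address_count DESC;
```

The review query is the part worth keeping in a runbook: the Azure-services switch does not look alarming in the portal, but in master it is a 0.0.0.0 rule that admits every tenant's Azure resources, and a forgotten "temporary" developer range is just as visible there.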

2. Identity and Access Management

Identity and access management has two halves:

  • Authentication: proving who you are. Azure SQL Database and SQL Managed Instance accept SQL authentication (a name and password held by the database engine) and Azure Active Directory authentication, which can require multi-factor authentication through the Authenticator app; the server can also be restricted to Azure AD only. The credentials supplied when the logical server is created become the server admin, the server-level principal; on a managed instance they become a member of sysadmin.
  • Authorization: what an authenticated identity may do. Azure role-based access control (RBAC), with the built-in Owner, Contributor and Reader roles, governs the Azure resources themselves (subscription, resource group, server, database), is inherited down that hierarchy, and grants no access to the data. Inside a database, permissions are granted with T-SQL: server and database roles (plus the Azure SQL Database-only loginmanager and dbmanager roles in master), custom roles, object-level grants on tables and columns, and row-level security where least privilege has to go below the table.
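The in-database half of this, as an added example written for this summary rather than code from the session: a login-backed user, contained users, the loginmanager/dbmanager delegation roles, and a row-level security policy, checked by impersonating a user. The names, the Azure AD identities, the password and the dbo.Orders table are all placeholders constructed for the example.

```sql
-- Azure SQL Database has no USE: each part runs while connected to the database
-- named in its heading. All names, the password and the table are placeholders.

--------------------------------------------------------------------------
-- Part 1: connected to master, as the Azure AD server admin
--------------------------------------------------------------------------
-- A server-level SQL login lives in master and must be mapped to a user in
-- every database it needs.
CREATE LOGIN app_reader WITH PASSWORD = 'Replace-This-Example-P@ssw0rd';

-- Delegate login and database creation without handing out the server admin:
-- loginmanager and dbmanager are master-only roles specific to Azure SQL Database.
CREATE USER [secops@contoso.com] FROM EXTERNAL PROVIDER;  -- Azure AD identity, no stored password
ALTER ROLE loginmanager ADD MEMBER [secops@contoso.com];
ALTER ROLE dbmanager    ADD MEMBER [secops@contoso.com];

--------------------------------------------------------------------------
-- Part 2: connected to the user database
--------------------------------------------------------------------------
-- 2a. User mapped to the master login: authentication happens in master.
CREATE USER app_reader FOR LOGIN app_reader;
ALTER ROLE db_datareader ADD MEMBER app_reader;

-- 2b. Contained users are authenticated inside this database, with no login in
--     master, so the database can move between servers with its principals intact.
CREATE USER analyst_contained WITH PASSWORD = 'Replace-This-Example-P@ssw0rd';
CREATE USER [HR-Analysts] FROM EXTERNAL PROVIDER;  -- an Azure AD group, created here, not in master

-- 2c. Row-level security. Constructed sample table: each row belongs to one
--     sales rep, identified by database user name.
CREATE TABLE dbo.Orders (
    OrderId  int     NOT NULL PRIMARY KEY,
    SalesRep sysname NOT NULL,
    Amount   money   NOT NULL
);
INSERT INTO dbo.Orders (OrderId, SalesRep, Amount) VALUES
    (1, 'analyst_contained', 120.00),
    (2, 'app_reader',         45.50),
    (3, 'app_reader',        999.99);
GRANT SELECT ON dbo.Orders TO analyst_contained;
GRANT SELECT ON dbo.Orders TO [HR-Analysts];
GO

-- Predicate function: a row is visible when its SalesRep is the calling user or
-- when the caller is db_owner. SCHEMABINDING is required by security policies.
CREATE SCHEMA Security;
GO
CREATE FUNCTION Security.fn_orders_predicate (@SalesRep AS sysname)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS fn_result
       WHERE @SalesRep = USER_NAME() OR IS_MEMBER('db_owner') = 1;
GO
CREATE SECURITY POLICY Security.OrdersFilter
    ADD FILTER PREDICATE Security.fn_orders_predicate(SalesRep) ON dbo.Orders
    WITH (STATE = ON);
GO

-- Check the policy: impersonate the contained user, then revert to the admin.
-- The contained user sees only rows whose SalesRep matches its own name;
-- the db_owner sees every row.
EXECUTE AS USER = 'analyst_contained';
SELECT USER_NAME() AS who, COUNT(*) AS visible_orders FROM dbo.Orders;
REVERT;
SELECT USER_NAME() AS who, COUNT(*) AS visible_orders FROM dbo.Orders;
```

Part 1 has to be run by the Azure AD server admin because, as the session notes, only that principal can create users from an external provider; a SQL login, even the server admin login, cannot. The EXECUTE AS / REVERT pair at the end is the cheapest regression test for a security policy and belongs in the deployment script, not just in a demo.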

3. Data Encryption

Data is protected at three points:

  • Encryption in transit: every connection to the database is encrypted with TLS. The server's minimum TLS version (Networking > Connectivity) must be one your client drivers support; TLS 1.0 and 1.1 are deprecated, so set the minimum to 1.2 and keep encryption enabled in the client connection string.
  • Encryption at rest: Transparent Data Encryption (TDE) encrypts the database files on disk and is on by default with a service-managed key. With a customer-managed key (bring your own key, BYOK) the TDE protector is an RSA key in your Azure Key Vault; you control its activation and expiry dates, its rotation, and the Key Vault access policy (get, wrap key, unwrap key) that lets the server use it.
  • Encryption in use: Always Encrypted keeps chosen columns encrypted inside the database engine and decrypts them only in the client driver. With secure enclaves the engine delegates operations on those columns to an enclave, where they are decrypted and processed, so range comparisons, LIKE pattern matching, sorting and indexing work on encrypted data. Unlike TDE this is not on by default; it is configured per column, with keys held in Key Vault.
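The checks behind those three bullets, as an added example for this summary (not code from the session): confirm TDE is on and which kind of key protects it, confirm the current connection is encrypted, and list the Always Encrypted keys and columns so you can see whether enclave computations are even possible. Everything here is read-only except the single ALTER, which only fires if TDE is found off.

```sql
-- Run while connected to the user database, as a member of db_owner.

-- 1. Encryption at rest: TDE state and the kind of protector in use.
--    encryption_state 3 means encrypted; encryptor_type distinguishes the
--    service-managed certificate from a customer-managed Key Vault key.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       CASE encryption_state
           WHEN 0 THEN 'no encryption key present'
           WHEN 1 THEN 'unencrypted'
           WHEN 2 THEN 'encryption in progress'
           WHEN 3 THEN 'encrypted'
           WHEN 4 THEN 'key change in progress'
           WHEN 5 THEN 'decryption in progress'
           ELSE 'other'
       END AS encryption_state_text,
       encryptor_type, key_algorithm, key_length, encryptor_thumbprint, percent_complete
FROM sys.dm_database_encryption_keys
WHERE database_id = DB_ID();

-- TDE is on by default in Azure SQL Database; this only acts if someone turned it off.
IF NOT EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys
               WHERE database_id = DB_ID() AND encryption_state = 3)
    ALTER DATABASE CURRENT SET ENCRYPTION ON;

-- 2. Encryption in transit: is this session encrypted, and how did it authenticate?
--    encrypt_option is TRUE for every Azure SQL connection. The TLS version itself
--    is not exposed here; it is the minimum-TLS setting on the server's Networking blade.
SELECT session_id, net_transport, encrypt_option, auth_scheme, client_net_address
FROM sys.dm_exec_connections
WHERE session_id = @@SPID;

-- 3. Encryption in use: Always Encrypted metadata. Column master keys, where they
--    live (key_path points at Key Vault for AZURE_KEY_VAULT providers) and whether
--    each one allows enclave computations. Columns protected by a master key with
--    allow_enclave_computations = 0 cannot use the enclave for range or LIKE queries.
SELECT name, key_store_provider_name, key_path, allow_enclave_computations, create_date
FROM sys.column_master_keys;

-- Which columns are encrypted, with which key and which encryption type.
-- RANDOMIZED columns only support rich queries through an enclave;
-- DETERMINISTIC columns additionally support equality without one.
SELECT SCHEMA_NAME(t.schema_id) + '.' + t.name AS table_name,
       c.name AS column_name,
       c.encryption_type_desc,
       c.encryption_algorithm_name,
       cek.name AS column_encryption_key
FROM sys.columns AS c
JOIN sys.tables AS t
  ON t.object_id = c.object_id
JOIN sys.column_encryption_keys AS cek
  ON cek.column_encryption_key_id = c.column_encryption_key_id
ORDER BY table_name, column_name;
```

If query 3 returns no rows, nothing in the database has encryption in use, whatever the TDE status says: TDE protects the files, not the columns, and the two are configured independently.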

Additional Security Measures

Dynamic Data Masking obfuscates sensitive columns in query results for users who lack the UNMASK permission. The stored values are unchanged, so it is a presentation control rather than encryption, and a user who can query the table can still infer values through WHERE predicates. Threat protection and detection come from Microsoft Defender for SQL (formerly Azure Defender), which bundles a vulnerability assessment that compares the database configuration against Microsoft's baseline and lists findings you can fix or accept, and threat detection that watches for anomalous activity, such as a login from a location never seen before, and raises alerts (by email if configured). SQL Auditing writes database events to a storage account, and Microsoft Defender for Cloud collects the recommendations in one pane at both server and database level.
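Masking in practice, as an added example written for this summary rather than code from the session: a constructed dbo.Customers table with masked columns, a reader without UNMASK, what that reader sees, and the inference caveat from the paragraph above demonstrated with a predicate. The table, rows and user name are all placeholders.

```sql
-- Run while connected to the user database, as a member of db_owner.
-- Constructed sample data; nothing here is real customer information.

CREATE TABLE dbo.Customers (
    CustomerId  int IDENTITY(1,1) NOT NULL PRIMARY KEY,
    FullName    nvarchar(100) NOT NULL,
    Email       nvarchar(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    Phone       varchar(20)   MASKED WITH (FUNCTION = 'partial(0,"XXX-XXX-",4)') NOT NULL,
    CreditLimit money         NOT NULL
);
INSERT INTO dbo.Customers (FullName, Email, Phone, CreditLimit) VALUES
    (N'Ada Example',   N'ada@example.com',   '555-010-1234', 75000),
    (N'Grace Example', N'grace@example.com', '555-010-9876', 12000);

-- Add a mask to an existing column; this is what the portal's
-- Dynamic Data Masking blade does when you pick a column and a function.
ALTER TABLE dbo.Customers
    ALTER COLUMN CreditLimit ADD MASKED WITH (FUNCTION = 'default()');

-- A low-privilege reader that holds SELECT but not UNMASK.
CREATE USER support_agent WITHOUT LOGIN;
GRANT SELECT ON dbo.Customers TO support_agent;

-- What that reader gets back: Email, Phone and CreditLimit are masked in the result.
EXECUTE AS USER = 'support_agent';
SELECT CustomerId, FullName, Email, Phone, CreditLimit FROM dbo.Customers;

-- The caveat: masking is applied to the projected result, not to the stored
-- value. Predicates are evaluated against the real value, so the same reader can
-- still learn which customers have a limit above 50000 even though the column
-- itself comes back masked.
SELECT CustomerId, FullName FROM dbo.Customers WHERE CreditLimit > 50000;
REVERT;

-- Grant cleartext access only to identities that need it. Members of db_owner
-- are never masked. Take it away again with REVOKE UNMASK.
GRANT UNMASK TO support_agent;
REVOKE UNMASK FROM support_agent;

-- Inventory of masked columns, for the audit trail.
SELECT OBJECT_SCHEMA_NAME(object_id) + '.' + OBJECT_NAME(object_id) AS table_name,
       name AS column_name,
       masking_function
FROM sys.masked_columns
WHERE is_masked = 1
ORDER BY table_name, column_name;
```

The predicate query is the one to show anyone who plans to use masking as a substitute for encryption: it filters on the true CreditLimit and returns names, so a patient reader can recover a masked value by bisection. Masking reduces accidental exposure in screens and reports; Always Encrypted or column-level permissions are the controls for a user who must not be able to learn the value at all.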

Implementing Azure Security: Setting Up The Fortifications

To set up these layers on an Azure SQL logical server in the Azure portal:

  1. Under Security > Networking, choose the public-access rules (the Azure-services switch, IP firewall rules, virtual network rules) or, better, create a private endpoint under Private access and deny public access; on the same blade set the minimum TLS version to 1.2.
  2. Under Access control (IAM), assign Azure RBAC roles for the server and database resources; then, connected as the Azure AD server admin, create logins, users, role memberships and row-level security policies in T-SQL.
  3. Under Security > Transparent data encryption, keep the service-managed key or switch to a customer-managed key stored in Key Vault; configure Always Encrypted for columns that need protection in use.
  4. Enable Microsoft Defender for SQL (billed per server) and SQL Auditing, give them time to collect data, and review the findings under Microsoft Defender for Cloud at server and database level.
  5. Use Data Discovery & Classification (under Security) to label the sensitive columns that the masking and encryption controls must cover.

Conclusion

Security is a multifaceted challenge, especially for valuable data in the cloud. Working through these layers in order, network access, identity, encryption, masking and monitoring, gives a business a strong defensive posture on Azure. For a deeper look at each layer, Deepthi Goguri's blog and the user groups she helps run are valuable resources. Stay secure and keep an eye out for new updates and best practices in Azure security.

If you want to implement these practices or have questions about Azure's security layers, connect with Deepthi Goguri on LinkedIn or follow her on Twitter @DBNuggets. For a deeper dive into her work, visit her website at dbnuggets.com.

That wraps up our guide to bolstering your data security on Azure. Keep your defenses up and stay vigilant as the threat landscape keeps changing.

Get in touch with Deepthi Goguri

Do you have questions or feedback? Feel free to reach out to Deepthi for further discussion, or catch her at upcoming sessions on more Azure topics!


Video Transcription

Thank you for attending the Women in Technology Global Conference 2023. I'm so honored to be here and able to speak at this conference. So, myself, I am Deepthi Goguri, and today I'm going to talk about Azure security concepts in this session. So hopefully you'll like it. So let's get started. Myself, I'm Deepthi Goguri. I'm a database administrator having about eight years of experience as a DBA. I'm a Data Platform MVP, Microsoft Valuable Professional. I had the honor of getting this award a couple of months ago, so it's an honor to have this award. And I'm a co-organizer for a couple of user groups. I'm a co-organizer for the Diversity and Inclusion user group, the Microsoft Data and AI South Florida user group and also the Data TGIF user group. And I also volunteer for the Women in Technology user group as well. Apart from my work and my community work, I love doing arts and crafts. And if you'd like to contact me later, DBNuggets is my user ID for Twitter; dbnuggets.com is my website. I usually do blogging about SQL Server and Azure. If you wanted to know more about it, please visit my website, and I'm very active on LinkedIn. Please contact me by my name, Deepthi Goguri; you'll find me. So today, let's start with the analogy of a bank robbery.

So let's say there is a bank, whatever bank it is; I called it Old Bank. Let's say I got the picture of the old bank, and one of the thieves wanted to rob the money from the bank. Let's say his target is to go and break the locker, the money vault locker, and then grab all the money before the police reach him, before the police catch him. So if you go to the bank, you'll have a parking lot at the bank, and there are security cameras in place, and there are locks. If it is in the night, there are locks in place on the main bank door. So let's say this thief has actually crossed the parking lot. He will be captured on the security cameras, of course, but if he covered himself up, they cannot recognize him. So he will break the main door, let's say, and he enters into the bank and he wanted to break the locker doors, but there are several lockers out there. He got frustrated by the amount of work he has to do. So he will skip that and he will go to the actual vault locker room. But there is this digital lock in place.

So you need to go ahead and enter the password to even open up the door so that he can break the money vault, let's say. So he tried a couple of passwords, but it didn't work. So, as it is a digital lock, there might be two-factor authentication set up. So once they're unable to do it, there will be an alert sent to the mobile phone or to the security guard, where, you know, you have to enter the security code. So he couldn't do that. But then as he tries multiple times, there might be another alert set up to go directly to the cops, to 911. So the police are ready to come. They started by the time he even tried; he doesn't even have to enter into the vault. He's still blocked at the digital lock; he couldn't open it. So those many security layers are in place to secure the money in the money vault of the bank. In the same way, in Azure, we have several layers of security in place before reaching the data itself. In Azure, data is like money, right?

So let's go ahead and talk about each of these security layers in Azure in depth. So the first layer is network security. It's like the security cameras in the parking lot; that's the outer layer of security. And as you go deeper, you have different layers of security. So we are going to talk about all of the security layers today. So let's talk about the network security, which is the top level of security in Azure. There are four different options we have in Azure for network security: allow access to Azure services, firewall rules, virtual network rules and private link. So as you go from the left side to the right side, the security will increase: the left side is the lowest security and the right side is the highest security. So let's talk about each of these layers. Allow access to Azure services is like one on or off button. If you turn it on, then anybody in Azure, in the Azure space, can connect to your database. When it's off, they can't connect. So it is the least secure option. But if I'm saying it's the least secure option, why is this option actually there? Right. So if you are trying to build a developer database,

and if you wanted to make quick connections without having to go through all of these network security options that you have, you are a developer and you wanted to quickly connect to the database, that's when you choose this option: connect to your database, check all the things, and then later maybe you'll drop the database because you are done with your testing. So in those scenarios, you can use this option, because anything in Azure can connect; outside of Azure, like on-prem servers, cannot connect with this option, right? And when you do the nslookup to see how I'm connecting to the database, it will show the public IP address, and when you do the DNS hierarchy, as it has the public IP address, all of the information, like where your database is hosted and all of that, will be available, which is not secure.

So let's go to the next level of network security, which is firewall rules. You know, when you have on-prem servers, you build those firewall rules to connect one server to the other server. It's a similar way when you are having firewall rules in Azure: any of the services connecting to your database need to have these firewall rules enabled. And even this is not secure, but the thing here, when compared with the previous option, is that it will allow the on-prem connections, because on-prem servers also have this option enabled, like the firewall rules created. But if you see, it still has the public IP address, and the DNS hierarchy, the control ring information about where your database is hosted, is still public; it still shows that information, which is not secure. The third option is virtual network rules. So let's say you have multiple virtual networks trying to connect to your database. All of these multiple virtual networks are connected to each other by using technologies like VNet-to-VNet, and there are multiple technologies out there; for example, VNet-to-VNet. They do connect to your Azure SQL database.

So as you choose this option, you just have to create one virtual network rule on a virtual network which is directly connecting to your database. So once you do that, when you do the nslookup, as this option has a private IP address, some of the information is not shown, but, for example, the region and control ring information is still shown. But you don't have to deal with creating multiple firewall rules.

You just have to create one virtual network rule, but still this is not secure. The most secure one is private link, because once you enable this private link with the private endpoint option, you will just create one private endpoint that is directly connected to your database, which will give a private IP address to your database, and any services that want to connect to your database, no matter if it is on-prem or Azure, have to pass through this private endpoint, and it will automatically block all the public access. So it is really secure, because when you do the nslookup to see where your database is hosted, that kind of information is not available anymore. It's totally private. Where do we see this option in Azure? Right. Once you're connected to portal.azure.com, in my demo I'm using the SQL server securitydemo; securitydemo is the SQL server name that I have built. So once you open that up, on the left side of your screen underneath Security, you have the Networking option. And if you see number one at the bottom of the screen, the highlighted one, that is "Allow Azure services and resources to access this server." If you enable that, anything in Azure can connect; that's the first option from the left side. Now the second option, if you see the highlighted one, I'm just adding the firewall rule; I want to connect from my local computer, so I just added my local computer to the firewall, I just added the IP address.

So I can connect directly from my local computer to Azure. So once I enable that second option, I can go ahead and connect to the Azure SQL database from my local computer with Management Studio, and I will be able to because I added the firewall rule, right?

So I am able to connect. Now, let's go ahead directly to the private one, not the virtual network, because let's dive deep into what the last one, the private endpoint, is, right? How to create that: underneath the SQL server that you have built, underneath the Security blade, go to Networking, and there you have Private access. So once you click on Private access, you can create the private endpoint. I'm not going to show you how to create the private endpoint because it is very simple. All you need is the subscription ID and on which private network you want to create your private endpoint, that kind of information. So I have created the private endpoint. Let's say now I would like to go ahead and connect to a virtual machine which has this private endpoint enabled, because while you create the private endpoint, you have to provide on which private network you want to create this private endpoint.

So once I create that, I'll go to that particular private network, to one of the virtual machines on that private network, and I'll try to connect to the Azure SQL database from there, and I'll try to see from where I'm trying to connect.

So I'll get an IP address, and that is a private IP address. Now, how do I know that it is a private IP address? I would like to go back to the Azure portal and connect to that particular virtual machine from where I tried to connect to the Azure SQL database. There I will see the private IP address; it is totally private, like 10.0.0.7, which is not a public IP address. It is not shown, which is secure. Right now, let's go ahead and talk a little bit about identity and access management, which is one of the security layers in Azure. So when we talk about identity and access management, we need to talk about authentication and authorization. Authentication is all about proving that you are the authorized person to enter into Azure. So, for example, when you try to enter into portal.azure.com, you will get that authentication, for example through the Authenticator app, where you need to do the two-factor authentication, where you need to type in the code that it provides and then enter into Azure, right? You'll get a code in your phone's authentication app.

So that is multi-factor authentication, and both Azure SQL and the managed instances support SQL authentication as well as Azure Active Directory authentication, or you can choose Azure Active Directory authentication only. And while you are building the SQL server, while you are building an Azure SQL database, you need to create the logical server. So while building the logical server, you need to provide the ID and password; that ID and password will become the server-level principal. It will become the server admin. And if you are building the managed instance, then the ID and password that you provide while you are building the managed instance will become the sysadmin server role; it will automatically become sysadmin. Now, let's talk a little bit about authorization. Authentication is all about proving who you are while entering into Azure, but authorization is directly linked to the resources that you are trying to connect to in Azure, like the tables, columns, database, those sorts of things.

So it is controlled by roles: database roles, custom roles. You can build that in Azure SQL Database as well as managed instance. And if you want to go deep down into least privilege, you can also give row-level security as well. Now, where do you see this particular one? Like I said, when you are building the logical server, you'll have that ID and password, which will become the server admin, right? So here DG test server is my logical server, and if you see here on the right side of your screen, Server admin shows us "DT"; that is my server admin. While I built this logical server I provided that ID, so that automatically becomes the server admin. Now, let's talk a little bit about role-based access control, which are the automated rules, the default roles that we have in Azure. So what is this role-based access control? It's all about what can and cannot be done with the resources within Azure, like a resource group, databases, tables, those sorts of things, all the resources in Azure.

So there are three basic default roles that we have in Azure: Owner, Contributor and Reader. Owner can do everything: they can read, modify and assign other users to those resources in your Azure. Contributor can only read and modify, but they cannot assign other people to use those resources; they cannot assign other users. So Reader, as the name itself says, can only read the resources, but they cannot modify or assign other users to the resources. And these role-based access control roles can actually be inherited, from the level of the subscription, resource group, as well as down to the resources. They can be inherited. So where do I see these, right? How do I see this role-based access control? In order to see the role-based access control, we need to try to create a user so that we can see those roles. So underneath the DG test server, the logical server that I have built, on the left side of your screen you see Access control (IAM). Click on that and then go ahead and try to add a role assignment, so that underneath Role you can see these three roles that I was talking about: Owner, Contributor and Reader. And under the description, you can see what each of these roles means. Now let's talk about logins, users and the differences, T-SQL logins, users and the differences.

So let's see what the differences are between these logins and users, between the managed instance and Azure SQL Database. So underneath, if you are building a managed instance, the account that you build the managed instance with can be the Azure Active Directory server admin.

It will be the Azure Active Directory server admin. You can also have SQL logins and Azure Active Directory logins. You can have both SQL or Azure Active Directory logins, and you can create the database users which are associated with the logins, or you can just create the contained users. So contained users are nothing but, they just have the user ID and password. They don't need to have the associated login at the server level. Now, when you compare that with Azure SQL Database, most of the things are the same. But the difference is that there are additional roles that you have in Azure SQL Database, for example the loginmanager and dbmanager. These are the roles that are there just so that you don't have to give the users the server admin role; you have these additional roles that are there.

So you still can create the contained users and database users. But the important thing that you have to remember here is, if you want to create users within the database, you have to log in to the Azure SQL Database as the Azure Active Directory server admin only. You can't log in as a SQL login and create the users. You have to be the Azure Active Directory server admin; you need to have those permissions and you need to log in with that server admin role. Let's talk about the data encryption, which is another layer of security measure. So when we talk about data protection, we have a couple of layers here, which are: encryption in transit is all about encrypting the data while it is moving in and out of the database; that's encryption in transit. Encryption at rest is all about the data which is actually stored on the drives, whether that data is protected or not. And this is enabled by default; both encryption in transit, encryption at rest and encryption in use, all of these are always encrypted; they are encrypted by default. So encryption in use: we have seen that data while it is moving in and out of the database needs to be encrypted, while it rests on the drives it needs to be protected.

But data while it is being processed, while the queries are being processed, still has to be encrypted. So that's encryption in use. Now let's go ahead and dive deep into each one of these to see how they work. Encryption in transit, like I said, is actually the data being protected while moving in and out of the database, from the database to the application, from the application to the database, right, while it is being transferred, and it is encrypted through TLS, which is transparent layer security, and it is enforced all of the time. All you have to do is make sure the TLS version that you are selecting in Azure is actually aligned with the option from your application, whether the TLS option that you are choosing in Azure is accepted by your application, because it's not accepted every time. If you are using an older TLS version and your application doesn't want to use the older version, you need to update that version, and you need to make sure encrypted connections from your application are always turned on, because if you turn it off and you are using a TLS version, you will not be able to connect to the database.

So where do I see this? Right underneath the DG test server, which is a logical server, underneath Security, go to the Networking blade, and underneath Connectivity, right underneath Encryption in transit, you see the TLS version; 1.2 is the latest version, and the old ones like 1.0, for example, are deprecated.

So you need to make sure the version which you are using here is supported by your application as well. Now the next one is encryption at rest, which is like, you need to make sure the data on your drives is also encrypted while being pulled from the drives for processing and while being pushed back to the drives again, whether it is being encrypted.

So how is this done? It is done by using Microsoft-managed keys. So basically you can give Azure the ability to take care of these keys for you, which by default is enabled. But if you want to take care of generating the keys to protect your drives, and then, for example, the key generation, rotation of these keys with new passwords, if you want to take care of it, then that is known as bring your own key, where you will build your own key and you will make sure you are rotating the keys, expiration of the keys, those sorts of things. Now let's go ahead and see how we can actually do this. Underneath securitydemo, which is my SQL server, on the left side of your screen underneath Security you see Transparent data encryption. So the data encryption at rest is done by transparent data encryption. Once you click on that, you have the first option, transparent data encryption, which shows two options over there: service-managed key, customer-managed key. Now if you choose the service-managed key, that means you are telling Azure, you guys go ahead and take care of the keys, I don't want to be involved with that. I'll just click on service-managed key, which is the default, service-managed key.

But if you want to take care of those keys, generating those keys, managing those keys, rotating those keys, you need to click on customer-managed key; that is bring your own key. So once you select that, you need to go ahead and create the key in the first place; to even select the key, we need to first create the key, right? So all these keys should be stored somewhere. So we have Key Vault in Azure, which is a product of Azure. You need to create the key vault so that you can save all these keys in the key vault. Now, the first step is to go ahead and create the key vault. Now how to create the key vault: go ahead and search on the search bar for Key Vault, and it will open up the page where you will be providing the subscription, which subscription you have, and then giving this key vault a name and those sorts of things. Very simple. So once you do that, your key vault is ready to go. You can create as many key vaults as you want. If you have multiple customers, for every customer you can have a separate key vault where you can store those specific keys in that key vault. So let's go ahead and create the key. Underneath Objects,

you see Keys. Click on Keys, and here I created two keys. Now, I would like to go ahead and show you what kind of information we need while creating these keys. So, for example, I'm clicking on "security", one of the keys that I have created. Now, if you see here, it is showing the current version; that version will automatically be popped up; Azure will take care of that. And you see the activation date and the expiration date, those sorts of things that you have to make sure you set. And once I click on that particular current version, click on that one to see more details into it. Now, if you see the key type, RSA, the key size, do not worry about any of those, because those are automatically popped up. But the main thing that you have to remember here is what is the activation date, what is the expiration date, and do I really have to give the access here itself? Like what kind of permissions can I permit to this? You need to give the users the encryption and decryption permissions, right? It's not like creating the key and that's it, you are done. You need to give the users who can access it.

So click the permissions at the bottom of the screen; you can give the permitted operations, and that's how you'll be creating the key. And then underneath Access policies in Key Vault, you can see to whom you want to give the permissions to wrap and unwrap this key. You can see my name over there, Deepthi Goguri; I have given all permissions to that particular account. Now, once you create the key, go to the same exact original page where you have actually selected customer-managed key. Now you go ahead and select the key that you have actually created. So you need to click on Change key at the bottom, and then underneath that select the key vault you want and also select the key that you want to use for your transparent data encryption, and then select that key. Once you select that key, click on Save, which will actually save, and you can give the permissions to the users to access those particular keys. Now, the next level of security within the transparent data encryption is encryption in use.

Your data needs to also be protected while it is being processed by queries. Now, how is it done? By using the data enclaves; it is also known as secure enclaves. So basically what happens here is, there is this SQL client driver in between your database client as well as your engine, where your queries will be encrypted and decrypted by using the SQL client driver. So basically the database engine will delegate the operations on encrypted data to the enclave, where the data can be safely decrypted and processed. So there are specific queries, like complicated queries, that can use these enclaves, for example pattern matching, LIKE operators, range queries, greater than, less than, et cetera, sorting operations, indexing, and more. Those sorts of operations can use these enclaves to encrypt the data while it is being processed. Now, there is also another one, dynamic data masking, that we need to talk about. It is similar to the masking of your data on-prem. But please remember that dynamic data masking is nowhere related to the encryption of the data on your drives, because dynamic data masking is all about covering up your columns in your tables. It is not encryption. Remember that.

So for example, I have a adventure box database here. Mm I'm connecting to the portal dot azure dot com and we have a adventure works database here. So I it's like underneath the dynamic data masking blade. If you see there are like in one schema, I have enabled two table, two columns um and mask the columns. So just to choose the column that you want to mask and it will automatically provide you the mask function in nature. And in a similar way, you can actually um uh give the permissions to the users to actually access these mask columns just like the way you do it in on prem mask and unmask permissions that you give on. Prem it is the same way you give it in Asia. Now let's talk about the threat protection and detection. So thread protection have multiple layers again inside it. One of them is Azure defender. So underneath the Azure defender, we have SQL vulnerability assessment and SQL threat detection.

So when we talk about the vulnerability assessment, it's like Azure will analyze your, how did you configure your database? Once you configured your database, it will see like whether you configured the database properly and whether those configuration are aligned with the Azure standards.

And if it sees any um a any, like if it is not finding the standards that are up, like up to the standards, it will throw, like it will throw the S in the SQL vulnerability assessment. Those are the assessment details you can see and if you want to take action, you can take and if you want to ignore, you can also ignore it's up to you based upon your in internal, you know, internal standards of your computer and A R defender under the SQL threat protection is always, is always like, it's a continuous watchman.

Like if you have a watchman to your house, the watchman job is to see like who is entering and exiting the house and whether anybody is like threat, right, threat to the home in the same way once we enable the threat detection, like for example, if somebody else is trying to log in into your database from a different location and that location is not actually um they, nobody has actually entered before.

it will immediately capture that information and it will throw an alert. And if you have set up an email alert, you'll also get an email immediately. So that's SQL Threat Detection. And we also have SQL Auditing, which also comes under threat protection.

So SQL Auditing is similar to the SQL auditing that you have on-prem. In a similar way, Azure Security Center is like a one-stop shop where you can see all of the information in one single pane. Now let's go ahead and talk about Azure Defender. So once you go to the logical server that you have, the server digi test server in this case, the first option that you have underneath Auditing is Microsoft Defender for SQL. Now, once you enable that option, it will cost you $15 per server per month. This is a paid version that you need to pay for per server. And you can also provide the storage account. If you do not have a storage account, you can create one right here, and then we'll be providing the subscription details. And you will also provide where you want to send the details, like at what interval. If you want to send the email to your email address, you can also provide that. And once you enable that, give it some time to collect the data, and then underneath the digi test server, go to Microsoft Defender for Cloud, because we enabled that. And now you see here a couple of recommendations based upon the Azure standards.

And you can go ahead and click Additional Recommendations at the bottom of the screen to see more details. Once you click on that, you will see all of the information; it will analyze against the Azure standards and provide you the information. Green is not that important, as you can see, less impact. If you see the red symbol, then that means it is unhealthy; you have to go take a look at those. So for example, we would like to see one of them. Yeah, so these are the vulnerability assessments, but the thing is, this is at the server level, but I can also see it at the database level. Now let's go ahead and see the database level, AdventureWorks. Even underneath the database level, you will also see Microsoft Defender for Cloud. At the sub level you can see it, as well as at the database level. So once you click on Microsoft Defender for Cloud, just go ahead and see how many recommendations you got and what the findings are. So it says three findings. Now let's go ahead and click on that and see more.

So it gave us three recommendations, right? So the severity level, right at the bottom of your screen, shows high and low. Now let's go ahead and click on one of those high ones and see what it is. "Database owners are as expected" is the first one; let's go ahead and click on that. So it says: remove unnecessary database owners to avoid granting excessive permissions, or update the baseline to reflect the approved list of owners. So it says more than one user is an owner. Do you really want those? Or it can provide you the script to remove those owners. If you want to take action, you can just go ahead and click "remove from the baseline" if you want to remove it from the baseline. And if you want to just add all the results that it provided to the baseline, you can also do that; it's based upon your requirement. Now let's go ahead and talk about auditing, right? In a similar way, auditing is enabled by default at the server level. That means once you enable it at the server level, all the databases will also take that as an inheritance and it will start auditing. So underneath the server level, on the left side of your screen underneath Security, remember we are talking about the security blade.

So underneath Security, you have Auditing. Click on Auditing and you see the details like the subscription details, and if you want to create the default workspace in Power BI to see these details, you can create that. And then you can enable it. The last option is to enable auditing of Microsoft support operations, meaning if you want your data to be seen by Microsoft, like if you are opening a ticket with them for an issue and they have to see your auditing reports, you need to enable this option; otherwise they can't see it. So it is recommended to enable this one. And once you do that, go to the database level to see how it will collect the data. For example, even at the database level, underneath the database level, you can still see Auditing underneath the Security blade. So go ahead and click on that and click on View Audit Logs; click on that to see the records. So here again, you need to click on View Dashboard, which will give a graphical view like a pie chart and then histogram-type charts.

So if you see the circle that is related to data governance, but let's go ahead and see the security insights of your SQL. Click on that and see the audit information. If you see the highlighted one, it says batch completed, RPC completed. These are the events of the audits, just like the way you have it on-prem, right? So click on that to see more details. So you see here, this is one of the audit records that has been grabbed about the database in the log. So it will provide you the query, which database, which user, what they have actually done, all of that information. And you can actually do that in the query editor. If you want to edit anything, you can do that and run it to filter it out and see more details. Now, let's talk about the last one, which is data governance, which comes under data classification. So data classification is all about classifying your data based upon the sensitivity. Let's say you have a table within a database and the table has SSN information, date of birth information, or bank account information. Let's say you want to make sure nobody is accessing that without you knowing. So by using this data governance, you can tag them as the sensitive columns based upon their sensitivity.

So that once you enable that, if anybody tries to access that column, no matter from where they are trying to run the query, it will capture that information through auditing, and in the audit logs you can see that information: who accessed it, why they accessed it, from where did they run it, which computer, what query, whether they have run it from the application or through SSMS. Everything is captured. But to do that, you need to first enable this data classification. It's very simple, underneath your database.

Go to the Data Discovery and Classification blade. Once you click on that, it will give you certain select options here. You need to select the schema of the table, the table name, the column on which you want to create the sensitivity label, and then what the sensitivity label is, like highly confidential, confidential, or low confidential. You can create those columns and it's so easy to do that, right? So once you do that, you can go to the same Auditing tab from the database; once you connect to the database, go to Auditing, and under the audit records you can see the details of what queries have accessed my sensitivity-labeled columns.

And once you click on one of these, again you'll see the query editor, and you can filter out what information you want to see, what query, who has actually executed it, and what columns are being accessed. Because these are sensitive columns, it will automatically be captured in auditing.

Now, we have completed all the main layers of security as an overview. But if you want to see the extension of this session, I have a series of blog posts on my website, which is dbanuggets.com. You can visit my website and see more details. And I have followed several resources on YouTube, like from the Microsoft product teams, talking about each of these layers of security in depth. If you would like to know more, please follow these resources. And I would like to thank Women in Technology Global Conference one more time for giving me this very nice opportunity to present. And if you'd like to contact me on Twitter, @dbanuggets is my user ID, dbanuggets.com is my website, and you can contact me on LinkedIn by typing my name, Deepthi Goguri. Thank you so much for attending, take care. I see the participants. If you have any questions, you can type them in the chat window. I'll be waiting for a couple of minutes to see if you guys have any questions, or if you have any feedback, please fill out the feedback form for me and let me know how I did and if I need to improve anywhere. I'll wait for a couple of minutes.

If you are feeling shy and you want to get in touch with me, you can contact me later and ask me the questions, or for additional resources if you need any. Thank you, Joy. I see your message and, you know, I spoke a little bit fast, I believe. But this is not the way I speak. I would like to cover as much information as I can in this presentation, so that was the reason I was a little bit fast. I know that; I observed it. But, yeah, and I'm also going to present on different topics, like performance tuning in Azure and basics in Azure and those sorts of things. I have more and more sessions coming up. I will usually post it on my LinkedIn and on my Twitter. As I do, we have several user groups for free. You can attend and learn the contents. These are all under the Microsoft umbrella of the Azure community. If you want to know more, you can contact me. I can surely provide you that information as well. I hope nobody has any questions, but if you do, please contact me, and have a great rest of your day. Thank you.

Bye.
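As an added example (not part of the session), here is the T-SQL equivalent of what the talk configures through the portal blades: Dynamic Data Masking on sensitive columns, the UNMASK grant, sensitivity classification labels, and a query over the audit log that surfaces access to classified columns. The table, the [ReportingUser] principal and the storage path are assumptions; replace them with your own.

```sql
-- Constructed demo table standing in for the AdventureWorks columns discussed above.
CREATE TABLE dbo.CustomerDemo (
    CustomerId   INT IDENTITY PRIMARY KEY,
    FullName     NVARCHAR(100) NOT NULL,
    Email        NVARCHAR(255) NOT NULL,
    SSN          CHAR(11)      NOT NULL,  -- e.g. 123-45-6789 (constructed value)
    DateOfBirth  DATE          NOT NULL,
    BankAccount  VARCHAR(20)   NOT NULL
);
GO

-- Dynamic Data Masking: the same mask functions the portal blade offers.
ALTER TABLE dbo.CustomerDemo ALTER COLUMN Email       ADD MASKED WITH (FUNCTION = 'email()');
ALTER TABLE dbo.CustomerDemo ALTER COLUMN SSN         ADD MASKED WITH (FUNCTION = 'partial(0,"XXX-XX-",4)');
ALTER TABLE dbo.CustomerDemo ALTER COLUMN DateOfBirth ADD MASKED WITH (FUNCTION = 'default()');
ALTER TABLE dbo.CustomerDemo ALTER COLUMN BankAccount ADD MASKED WITH (FUNCTION = 'partial(0,"XXXXXXXXXXXXXXXX",4)');
GO

-- Only explicitly trusted principals see unmasked data; everyone else gets the masked form.
-- [ReportingUser] is an assumed, hypothetical database user.
GRANT UNMASK TO [ReportingUser];

-- Data Discovery & Classification: the labels the portal blade lets you pick per column.
ADD SENSITIVITY CLASSIFICATION TO dbo.CustomerDemo.SSN
    WITH (LABEL = 'Highly Confidential', INFORMATION_TYPE = 'National ID', RANK = CRITICAL);
ADD SENSITIVITY CLASSIFICATION TO dbo.CustomerDemo.BankAccount
    WITH (LABEL = 'Highly Confidential', INFORMATION_TYPE = 'Financial', RANK = HIGH);
ADD SENSITIVITY CLASSIFICATION TO dbo.CustomerDemo.DateOfBirth, dbo.CustomerDemo.Email
    WITH (LABEL = 'Confidential', INFORMATION_TYPE = 'Contact Info', RANK = MEDIUM);
GO

-- Verify what is labelled (the catalog view behind the classification blade).
SELECT s.name AS schema_name, o.name AS table_name, c.name AS column_name,
       sc.label, sc.information_type, sc.rank_desc
FROM sys.sensitivity_classifications AS sc
JOIN sys.objects AS o ON o.object_id = sc.major_id
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
JOIN sys.columns AS c ON c.object_id = sc.major_id AND c.column_id = sc.minor_id;

-- With auditing on, reads of classified columns appear in the audit log with the labels
-- attached. <storage-account>, <server> and <db> are placeholders for your own values.
SELECT event_time, server_principal_name, client_ip, application_name,
       database_name, statement, data_sensitivity_information
FROM sys.fn_get_audit_file(
        'https://<storage-account>.blob.core.windows.net/sqldbauditlogs/<server>/<db>/',
        DEFAULT, DEFAULT)
WHERE data_sensitivity_information IS NOT NULL
ORDER BY event_time DESC;
```

The last query is the scripted form of the "audit records" view the session shows in the portal: rows with a non-null data_sensitivity_information are the queries that touched labelled columns, with who ran them, from which client IP and application.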