A few weeks ago I wrote about the importance of minimizing SQL Azure’s attack surface. My point was to bring awareness to the fact that when you check the “Allow other Windows Azure services to access this server” check box when creating a SQL Azure server you’re opening the server up to potential attacks from within the data center. The solution, as I wrote is fairly simple. All you need to do is uncheck the box and add a rule to the SQL Azure firewall that only allows traffic through from you Azure service’s virtual IP address (VIP). To drive the point home I thought I’d create a screencast to show you exactly what I do. Click on the image below to watch and enjoy!