> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/rdm/getting-started/checklist-for-third-party-team-workspaces/select-a-third-party-team-workspace.md).

# Select a Third-Party Team workspace

This article is intended for teams planning to use Microsoft SQL Server or Microsoft Azure SQL as their workspace.

To assist with selecting the appropriate workspace, here is a set of concerns and the list of workspaces that can serve in such a context.

{% hint style="danger" %}
When choosing a non-on-premises workspace, it is important to account for the security of data both at rest and in transit. It is strongly recommended to further encrypt data using a master key for file-based solutions or a [security provider](https://docs.devolutions.net/rdm/commands/administration/security-providers/) for [advanced workspaces](https://docs.devolutions.net/rdm/workspaces/workspace-types/native-workspaces/), ensuring that only authorized parties can access the data.For enhanced security features such as encryption at rest and in transit, restricted database access, and [zero-knowledge encryption](https://blog.devolutions.net/2023/05/unraveling-zero-knowledge-and-zero-trust-concepts/), consider our [Native Team workspaces](https://docs.devolutions.net/rdm/getting-started/checklist-enterprises/select-workspace-type/).
{% endhint %}

<table><thead><tr><th width="334">Concern</th><th align="center">Microsoft SQL Server</th><th align="center">Microsoft Azure SQL</th></tr></thead><tbody><tr><td>Unaccessible database to end users</td><td align="center"><p>Note 1</p><p>Note 2</p></td><td align="center">Note 1</td></tr><tr><td>AD accounts used for authentication</td><td align="center">X</td><td align="center"></td></tr><tr><td>Data stored on-premises</td><td align="center">X</td><td align="center"></td></tr><tr><td>Activity logs</td><td align="center">X</td><td align="center">X</td></tr><tr><td>Data accessible globally</td><td align="center">Note 3</td><td align="center">X</td></tr><tr><td>Optional local cache of connections</td><td align="center">X</td><td align="center">X</td></tr></tbody></table>

#### Notes

**Note 1**

Administrators can create end-user accounts without sharing passwords by importing a locked workspace definition for each user. However, this process involves significant manual effort by the administrator.

**Note 2**

Integrated security is a Microsoft technology that allows access to an SQL Server instance without transmitting credentials, relying on the authentication token from the Windows environment. This allows users to connect directly to the database using other tools, but it should not be used if preventing direct database access is required.

Our SQL Server workspace provides a third authentication option, ***Custom (Devolutions)***, which allows user impersonation without revealing the credentials used to connect to the database. For more information, refer to [User management](https://docs.devolutions.net/rdm/commands/administration/user-management/).

**Note 3**

It is possible to expose a database to the Internet, but SSL/TLS encryption is necessary to secure the traffic and mitigate risks like DDoS attacks. Cloud services, such as Azure, prioritize this concern. The default firewall settings should block all traffic initially, with exceptions and rules added as needed. Additionally, open only the essential ports, add them to the exception list, and filter incoming requests based on their origin.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.devolutions.net/rdm/getting-started/checklist-for-third-party-team-workspaces/select-a-third-party-team-workspace.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.