Using a sql 2014 image (on Azure) I created the VM. I can access it directly from my Desktop by going to the "...cloudapp.net" address. This mean the sql server box is directly accessible from the outside. (Yes a username\pwd is required to enter but the box is directly accessible). How can the security of this setup be improved?

TIA,

edm2

You can change port for accessing but that is only making it a bit harder and taking more time to find what port is used.

What you can do to make security better is to block all ports at endpoint (preventing any access from outside) and use VPN to access your VM.

https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-site-to-site-create/

http://jeffgraves.me/2012/10/26/windows-azure-vpn-walkthrough/

Great answer. But you confirmed that out-of-the box  the server is accessible. Thanks for the vpn-walkthrough  articles. Thanks,

edm2