Ensure that the "Auditing" feature is enabled within your Microsoft Azure SQL server configuration settings in order to monitor your SQL databases for security, compliance and troubleshooting purposes. Microsoft Azure allows an SQL server to be created as a service. Enabling auditing at the server level ensures that all existing and newly created databases on that SQL server are audited.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Once enabled, the SQL database auditing starts recording database events and writes them to an audit log created within your Azure Storage account, OMS workspace or Event Hub. The logging data recorded can be extremely useful for maintaining security and regulatory compliance, understand database activity and trends, and gain insight into anomalies that could indicate potential security violations.
Audit
To determine if database auditing is enabled for your Microsoft Azure SQL servers, perform the following actions:
Remediation / Resolution
To enable SQL database auditing for your Microsoft Azure SQL database servers, perform the following actions:
References
- Azure Official Documentation
- Get started with SQL database auditing
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- SQL
- Get-AzSqlServer
- Get-AzSqlServerAuditing
- Set-AzSqlServerAuditing
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable Auditing for SQL Servers
Risk Level: Medium