SQL Server auditing should be enabled

Description

The Azure platform allows a SQL server to be created as a service. Enabling auditing at the server level ensures that all existing and newly created databases on the SQL server instance are audited. An auditing policy applied to a SQL database does not override the auditing policy and settings applied to the SQL server that hosts the database.

Portal Remediation Steps

  • Navigate to SQL Servers.

  • Select the SQL server.

  • In the left navigation in the Security section, select Auditing.

  • Set Auditing to On.

PowerShell Remediation Steps

  • To enable auditing for SQL Server, get a list of all SQL servers:

Get-AzureRmSqlServer

  • Enable auditing for each server:

Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName <resource group name> -ServerName <server name> -AuditType <audit type> -StorageAccountName <storage account name>
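
The two steps above combined into one check-and-remediate pass, as an added example that is not part of the original rule text. It assumes the AzureRM.Sql module is loaded and the session is already signed in; `Get-AzureRmSqlServerAuditingPolicy` (from the same module) is used to read the current state, and the script name, parameter names, and default audit type are choices made for this example.

```powershell
# Enable-SqlServerAuditing.ps1 (hypothetical file name, added example)
# Lists every SQL server visible to the current context, reports its
# server-level auditing state, and enables auditing where it is not on.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Storage account that receives the audit records (supplied by the caller).
    [Parameter(Mandatory = $true)]
    [string] $StorageAccountName,

    # Audit type passed through to Set-AzureRmSqlServerAuditingPolicy.
    [ValidateSet('Blob', 'Table')]
    [string] $AuditType = 'Blob'
)

$report = foreach ($server in Get-AzureRmSqlServer) {
    # Both auditing cmdlets take the same resource group / server pair.
    $scope = @{
        ResourceGroupName = $server.ResourceGroupName
        ServerName        = $server.ServerName
    }

    $before = (Get-AzureRmSqlServerAuditingPolicy @scope).AuditState
    $after  = $before

    if ($before -ne 'Enabled' -and
        $PSCmdlet.ShouldProcess($server.ServerName, 'Enable server-level auditing')) {
        Set-AzureRmSqlServerAuditingPolicy @scope `
            -AuditType $AuditType `
            -StorageAccountName $StorageAccountName

        # Re-read the policy so the report shows the applied state,
        # not the state we asked for.
        $after = (Get-AzureRmSqlServerAuditingPolicy @scope).AuditState
    }

    [pscustomobject]@{
        ResourceGroup = $server.ResourceGroupName
        Server        = $server.ServerName
        StateBefore   = $before
        StateAfter    = $after
    }
}

# Any row whose StateAfter is not 'Enabled' still fails this rule.
$report | Format-Table -AutoSize
```

Running it with `-WhatIf` produces the same report without changing any server, which is useful as a compliance check before remediation.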