SQL Server auditing retention should be greater than 90 days

Description

Audit Logs can be used to check for anomalies and give insight into suspected breaches or misuse of information and access.

Portal Remediation Steps

  • Navigate to SQL Servers.

  • Select the SQL server.

  • In the left navigation in the Security section, select Auditing.

  • Select Storage Details and set Retention (days) greater than 90 days.

  • Click OK > Save.

PowerShell Remediation Steps

  • To enable retention for a SQL Server:

set-AzureRmSqlServerAuditing -ResourceGroupName <resource group name> -ServerName <server name> -RetentionInDays <Number of Days to retain the audit logs, should be 90 days minimum>