iCompaas Support

Description:

Enabling auditing on SQL Server records database activities and stores them in a log destination such as a Storage Account, Log Analytics workspace, or Event Hub. Auditing helps organizations meet compliance requirements, monitor database activity, and detect unusual or suspicious behavior that could indicate security risks or operational issues.

Rationale:

Azure SQL Servers act as a platform service where multiple databases can exist. Enabling auditing at the server level ensures that all current and future databases on that server are automatically audited, providing consistent logging across the environment. Server-level auditing is not overridden by database-level settings, ensuring that critical activity is always captured.

Impact:

Enabling SQL Server auditing increases visibility into database activity and strengthens security, but it also generates additional log data that must be stored, monitored, and managed. Organizations may need to plan for storage costs and ensure proper log review processes are in place.

Default Value:

By default, SQL Server Auditing is disabled (Off) in Azure.

Pre-requisites:

• Admin permissions on the SQL Server.

• A Storage account, Log Analytics workspace, or Event Hub is available for audit logs.

Test Plan:

1. Sign in to the Azure portal at https://portal.azure.com,

2. In the portal, search for SQL servers and open the required SQL server.

3. Under the Security section, go to Auditing.

4. Check whether Enable Azure SQL Auditing is On or Off.

5. If it is off, follow the Implementation steps.

Implementation Steps:

1. Sign in to the Azure portal at https://portal.azure.com

2. In the portal, search for SQL Server and select the SQL logical server under Azure SQL Database, then open the server you want to configure.

3. In the left menu, under the Security section, select Auditing.

4. Turn on SQL Auditing by enabling “Enable Azure SQL Auditing.”

5. Select the required audit log destination, such as a Storage account, Log Analytics workspace, or Event Hub.

6. Click Save at the top of the page.
   
   

Backout Plan:

1. Sign in to the Azure portal at https://portal.azure.com.

2. Search for SQL Server and select the SQL logical server under Azure SQL Database, then open the server you want to configure.

3. In the left menu, under the Security section, select Auditing.

4. Turn off “Enable Azure SQL Auditing” by switching it from On to Off, and remove any configured audit destinations if required.

5. Click Save to apply the changes.

References:

• https://learn.microsoft.com/azure/azure-sql/database/auditing-overview

• https://learn.microsoft.com/azure/azure-sql/database/auditing-configure

• https://learn.microsoft.com/azure/azure-sql/database/auditing-best-practices