Profile Applicability:

  • Level 1

Description:
 Setting a Microsoft Entra admin on a SQL server enables authentication with identities from Microsoft Entra ID, so that authentication, authorization, and accountability for the server are handled through one centralized identity directory rather than through server-local credentials.

Rationale:
 Centralized Identity and Access Management (IAM) through Microsoft Entra ID helps mitigate the risks of decentralized authentication systems and simplifies permission management. This configuration ensures that authentication is consistent and scalable across Azure services, eliminating the need to manage separate credentials.

Impact:

  • Pros:

    • Simplifies identity management across services.

    • Supports secure, token-based authentication.

    • Allows centralized control for user access and permissions.

    • Reduces the administrative overhead of managing multiple authentication mechanisms.

  • Cons:

    • May require additional configuration and coordination with Microsoft Entra ID.

    • Some Azure resources may require licensing for full functionality.

Default Value:

By default, Microsoft Entra Authentication is not enabled when a new service or resource is created.

Pre-requisites:

  • Ensure that Microsoft Entra ID is set up and configured for your Azure environment.


Remediation:

Test Plan:

Using Azure Portal:

  1. Open the Azure Portal: https://portal.azure.com.

  2. Navigate to SQL servers.

  3. For each SQL server, click on Microsoft Entra admin under the Settings section.

  4. Ensure that a value is set for Admin Name under the Microsoft Entra admin section.

Using Azure CLI:

  1. For each SQL server, run the following command to list its Microsoft Entra admins; an empty result ([]) means no admin is set:

     az sql server ad-admin list --resource-group <resource-group> --server <server>

Using Azure PowerShell:

  1. For each SQL server, run the following command and confirm that it returns an administrator:

     Get-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName <resource-group> -ServerName <server-name>
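The test plan above checks one server at a time. The script below is an added example, not part of the benchmark text: it walks every SQL server in the current subscription with the same `az sql server ad-admin list` call and prints PASS or FAIL per server, exiting non-zero if any server lacks a Microsoft Entra admin. It assumes `az login` has already been run and that the default subscription is the one to audit; the script name `audit_entra_admin.sh` and the `run` argument are the example's own conventions.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit all SQL servers in the current
# subscription for a Microsoft Entra admin. Assumes `az login` was done and the
# default subscription is the one to audit.
set -e

# Decide from the JSON that `az sql server ad-admin list` prints whether an
# Entra admin is configured. With no admin set the command prints an empty
# array "[]", so the check is: is there a non-empty "login" value?
has_entra_admin() {
    printf '%s\n' "$1" | grep -q '"login"[[:space:]]*:[[:space:]]*"[^"]\{1,\}"'
}

# Walk all servers, print PASS/FAIL per server, and return 1 if any server
# fails so the script can gate a pipeline.
audit_subscription() {
    failures=0
    list=$(mktemp)
    # One "<resourceGroup><TAB><name>" line per SQL server in the subscription.
    az sql server list --query "[].[resourceGroup,name]" -o tsv > "$list"
    while IFS="$(printf '\t')" read -r rg server; do
        [ -n "$server" ] || continue
        admins=$(az sql server ad-admin list --resource-group "$rg" --server "$server" -o json)
        if has_entra_admin "$admins"; then
            echo "PASS  $rg/$server"
        else
            echo "FAIL  $rg/$server  no Microsoft Entra admin set"
            failures=$((failures + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "servers without a Microsoft Entra admin: $failures"
    [ "$failures" -eq 0 ]
}

# The live audit only runs when invoked as: sh audit_entra_admin.sh run
# (without "run" the file can be sourced to reuse has_entra_admin).
if [ "${1:-}" = "run" ]; then
    audit_subscription
fi
```

The check keys on the `login` property because that is what the CLI returns for a configured admin; the temporary file avoids running the loop in a pipeline subshell, which would lose the `failures` counter.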

Implementation Plan:

Using Azure Portal:

  1. Navigate to SQL Servers in the Azure Portal.

  2. For each server, click on Microsoft Entra admin.

  3. Click Set admin, select an admin, and click Save.

Using Azure CLI:

  1. To assign an Entra ID admin, run the following:

     az sql server ad-admin create --resource-group <resource-group-name> --server <server-name> --display-name <admin-display-name> --object-id <object-id>
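The create command above needs the admin's object id, which is usually looked up rather than typed. The script below is an added example, not part of the benchmark: it resolves a Microsoft Entra group by display name, validates that the result is a GUID before passing it to `ad-admin create`, and then reads the setting back with `ad-admin list` instead of trusting the create call's exit status. It assumes `az login` has been run, an Azure CLI version whose `az ad group show` output exposes the object id as `id` (an assumption about the CLI version in use), and the `apply` argument and parameter order are the example's own conventions.

```shell
#!/bin/sh
# Added example (not from the benchmark): assign a Microsoft Entra group as the
# SQL server admin and confirm the setting afterwards. Assumes `az login` was
# done; group display name, resource group and server name are parameters.
set -e

# Accept only a canonical GUID so a failed lookup never reaches `ad-admin create`.
is_guid() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# True when the JSON from `az sql server ad-admin list` carries a login value.
has_entra_admin() {
    printf '%s\n' "$1" | grep -q '"login"[[:space:]]*:[[:space:]]*"[^"]\{1,\}"'
}

# set_entra_admin <group-display-name> <resource-group> <server>
set_entra_admin() {
    group="$1"; rg="$2"; server="$3"
    # Resolve the group to its object id (assumes a CLI version that returns "id").
    oid=$(az ad group show --group "$group" --query id -o tsv)
    if ! is_guid "$oid"; then
        echo "could not resolve group '$group' to an object id" >&2
        return 1
    fi
    az sql server ad-admin create --resource-group "$rg" --server "$server" \
        --display-name "$group" --object-id "$oid" > /dev/null
    # Read the setting back rather than relying on the create call alone.
    current=$(az sql server ad-admin list --resource-group "$rg" --server "$server" -o json)
    if has_entra_admin "$current"; then
        echo "OK: $rg/$server now has Microsoft Entra admin '$group' ($oid)"
    else
        echo "FAIL: admin not visible on $rg/$server after create" >&2
        return 1
    fi
}

# Usage: sh set_entra_admin.sh apply <group-display-name> <resource-group> <server>
if [ "${1:-}" = "apply" ] && [ "$#" -eq 4 ]; then
    set_entra_admin "$2" "$3" "$4"
fi
```

Assigning a group rather than an individual user keeps the admin role attached to a managed membership instead of a single account, and the read-back makes the change verifiable by the same check the test plan uses.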


Backout Plan:

Using Azure Portal:

  1. Go to SQL Servers and click on Microsoft Entra admin.

  2. Remove the admin setting and save.

Using Azure CLI:

  1. Run the following command to remove the Entra ID admin:

     az sql server ad-admin delete --resource-group <resource-group-name> --server <server-name>


References: