4. Database Services

4.1.1 Ensure that 'Auditing' is set to 'On'
Description: Enable auditing on SQL Servers.Auditing helps to maintain regulatory compliance, understand database activity, and gain insight into discrepan...
Mon, 25 Oct, 2021 at 8:35 AM
Ensure that 'Data encryption' is set to 'On' on a SQL Database
Profile Applicability: Level 1 Description: Enable Transparent Data Encryption on every SQL server.All newly created databases in SQL Database are en...
Tue, 26 Oct, 2021 at 9:30 AM
Ensure that 'Auditing' Retention is 'greater than 90 days'
Description: SQL Server Audit Retention should be configured to be greater than 90 days.SQL Server Audit Retention should be configured to be greater th...
Tue, 26 Oct, 2021 at 9:32 AM
Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled'
Description: Enable "Azure Defender for SQL" on critical SQL Servers. Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled'...
Thu, 28 Oct, 2021 at 12:31 AM
Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
Description: Enable Vulnerability Assessment (VA) service scans for critical SQL servers and corresponding SQL databases. Rationale: Enabling Azure Defen...
Thu, 23 Sep, 2021 at 6:28 AM
Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server
Description: Enable Vulnerability Assessment (VA) Periodic recurring scans for critical SQL servers and corresponding SQL databases. Rationale: VA settin...
Thu, 28 Oct, 2021 at 12:33 AM
4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
Profile Applicability: Level 1 Description: Enable SSL connection on PostgreSQL Servers.Azure Database for PostgreSQL supports connecting your Azure ...
Thu, 28 Oct, 2021 at 1:06 AM
Ensure that VA setting Send scan reports to is configured for a SQL server
Description: Configure 'Send scan reports to' with email ids of concerned data owners/stakeholders for a critical SQL servers. Rationale: Vulnera...
Thu, 28 Oct, 2021 at 12:38 AM
Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server
Description: Enable Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners'. Rationale: VA scan r...
Thu, 28 Oct, 2021 at 12:35 AM
Ensure SQL server's TDE protector is encrypted with Customer- managed key
Description: TDE with Customer-managed key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backe...
Tue, 22 Aug, 2023 at 5:05 AM