Remediation
From Azure Portalβ
- Go to
SQL servers. - For each SQL server, under
Security, clickAuditing. - If
Storageis checked, expandAdvanced properties. - Set
Retention (days)to a value greater than90, or0for unlimited retention. - Click
Save.
From PowerShellβ
For each Server, set retention policy to more than 90 days.
Log Analytics Exampleβ
Set-AzSqlServerAudit `
-ResourceGroupName {{resource-group-name}} `
-ServerName {{sql-server-name}} `
-RetentionInDays {{retention-days-min-90}} `
-LogAnalyticsTargetState Enabled `
-WorkspaceResourceId "/subscriptions/{{subscription-id}}/resourceGroups/{{resource-group-name}}/providers/Microsoft.OperationalInsights/workspaces/{{workspace-name}}"
Event Hub Exampleβ
Set-AzSqlServerAudit `
-ResourceGroupName "{{resource-group-name}}" `
-ServerName "{{sql-server-name}}" `
-EventHubTargetState Enabled `
-EventHubName "{{event-hub-name}}" `
-EventHubAuthorizationRuleResourceId "{{event-hub-authorization-rule-resource-id}}"
Blob Storage Exampleβ
Set-AzSqlServerAudit `
-ResourceGroupName "{{resource-group-name}}" `
-ServerName "{{sql-server-name}}" `
-BlobStorageTargetState Enabled `
-StorageAccountResourceId "/subscriptions/{{subscription-id}}/resourceGroups/{{resource-group-name}}/providers/Microsoft.Storage/storageAccounts/{{storage-account-name}}"