Ensure that Azure Active Directory Admin is Configured for SQL Servers

Use Azure Active Directory Authentication for authentication with SQL Databases. Azure Active Directory authentication is a mechanism for connecting to Microsoft Azure SQL Databases and SQL Data Warehouses using identities in Azure Active Directory (Azure AD). With Azure AD authentication, you can manage the identities of database users and other Microsoft services in one central location.

Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.IAM.03
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

SQLServer should have adAdministrators contain [ name='ActiveDirectory' ]

REMEDIATION

From Portal

  1. Go to SQL servers
  2. For each SQL server, click on Active Directory admin
  3. Click on Set admin
  4. Select an admin
  5. Click Save

From TF
Set the 'login' argument under 'azurerm_sql_active_directory_administrator' as below:

resource "azurerm_sql_active_directory_administrator" "example" {
	...
	login = "ADMIN-NAME"
	...
}

From Command Line
Run

az sql server ad-admin create --resource-group RESOURCEGROUP --server SERVERNAME --display-name DISPLAYNAME --object-id OBJECTID

Note: Azure Active Directory Authentication for SQL Database/Server is not enabled by default.
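To find which servers still need the remediation above, the check can be run across a whole subscription from the same CLI. This is an added example, not CloudGuard's or Microsoft's own code; the function name audit_sql_ad_admins and the PASS/FAIL output format are assumptions, and it expects an already logged-in az session.

```bash
#!/usr/bin/env bash
# Added example: report every Azure SQL server in the current subscription
# that has no Azure AD administrator configured.
# audit_sql_ad_admins is a hypothetical name; it uses only
# `az sql server list` and `az sql server ad-admin list`.
# Exit status: 0 = all servers compliant, 1 = at least one server has no
# Azure AD admin, 2 = an az call failed.

audit_sql_ad_admins() {
    missing=0
    servers=$(az sql server list --query "[].[name,resourceGroup]" -o tsv) || return 2
    # Each line of $servers is "<server name><TAB><resource group>".
    while IFS="$(printf '\t')" read -r name rg; do
        [ -n "$name" ] || continue
        # length(@) yields the number of AD admins set on the server (0 = none).
        # stdin is redirected so az cannot consume the server list being read.
        count=$(az sql server ad-admin list --resource-group "$rg" --server "$name" \
                    --query "length(@)" -o tsv </dev/null) || return 2
        if [ "${count:-0}" -eq 0 ]; then
            printf 'FAIL %s/%s: no Azure AD admin set\n' "$rg" "$name"
            missing=$((missing + 1))
        else
            printf 'PASS %s/%s\n' "$rg" "$name"
        fi
    done <<EOF
$servers
EOF
    [ "$missing" -eq 0 ]
}

# Usage: audit_sql_ad_admins || echo "remediate the FAIL entries above"
```

Each FAIL line names the resource group and server to pass to the az sql server ad-admin create command shown above.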

References

  1. https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview
  2. https://docs.microsoft.com/en-us/cli/azure/sql/server/ad-admin?view=azure-cli-latest#az-sql-server-ad-admin-create
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_active_directory_administrator

SQL Server on Virtual Machines

SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.

Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CIS Foundations v. 1.0.0
  • Azure CIS Foundations v. 1.1.0
  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v.2.0
  • Azure CSA CCM v.3.0.1
  • Azure CloudGuard Best Practices
  • Azure CloudGuard SOC2 based on AICPA TSC 2017
  • Azure GDPR Readiness
  • Azure HIPAA
  • Azure HITRUST v9.5.0
  • Azure ISO 27001:2013
  • Azure ITSG-33
  • Azure LGPD regulation
  • Azure NIST 800-171
  • Azure NIST 800-53 Rev 4
  • Azure NIST 800-53 Rev 5
  • Azure NIST CSF v1.1
  • Azure New Zealand Information Security Manual (NZISM) v.3.4
  • Azure PCI-DSS 3.2
  • CloudGuard Azure All Rules Ruleset