Ensure that Azure Active Directory Admin is configured
Use Azure Active Directory Authentication for authentication with SQL Database.
Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.IAM.04
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
SQLServer should have adAdministrators length()>0
REMEDIATION
From Portal
- Go to SQL servers
- For each SQL server, click on 'Azure Active Directory' under 'Settings'
- Click 'Set admin' in 'Azure Active Directory Admin'
- Select an admin
- Click Save
From TF
Set the 'login' argument under 'azurerm_sql_active_directory_administrator' as below:
resource "azurerm_sql_active_directory_administrator" "example" {
...
# Placeholders: the admin's login name and its Azure AD object ID
login = "ADMIN-NAME"
object_id = "PRINCIPAL-ID"
...
}
From Command Line
Run
az sql server ad-admin create --resource-group RESOURCEGROUPNAME --server SERVERNAME --display-name DISPLAYNAME --object-id OBJECTID
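To find the servers that need the command above, the rule's check (adAdministrators length()>0) can be run across a subscription with the Azure CLI. The script below is an added example, not CloudGuard's or Microsoft's code; the AZ override, the demo_az stub and the server and resource group names in it are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not CloudGuard code): report Azure SQL servers that have no
# Azure AD administrator, i.e. servers that would fail this rule.
# AZ names the CLI to call; overriding it with a stub is this example's own
# convention so the logic can be exercised offline.
AZ="${AZ:-az}"
TAB=$(printf '\t')

# Prints "resource-group<TAB>server" for each server without an AD admin.
# Returns 0 if every server has one, 1 on any finding, 2 if a CLI call failed.
find_servers_without_ad_admin() {
    servers=$("$AZ" sql server list \
        --query '[].[resourceGroup, name]' --output tsv) || return 2
    findings=0
    while IFS="$TAB" read -r rg name; do
        [ -n "$name" ] || continue          # no servers: nothing to check
        # </dev/null keeps the CLI from consuming the loop's input
        count=$("$AZ" sql server ad-admin list \
            --resource-group "$rg" --server "$name" \
            --query 'length(@)' --output tsv </dev/null) || return 2
        case "$count" in
            ''|*[!0-9]*) return 2 ;;        # unexpected CLI output
        esac
        if [ "$count" -eq 0 ]; then
            printf '%s\t%s\n' "$rg" "$name"
            findings=1
        fi
    done <<EOF
$servers
EOF
    return "$findings"
}

# Constructed stand-in for the CLI: two made-up servers, one without an admin.
demo_az() {
    case "$3" in
        list) printf 'rg-app\tsql-prod\nrg-old\tsql-legacy\n' ;;
        ad-admin) case "$8" in sql-prod) echo 1 ;; *) echo 0 ;; esac ;;
    esac
}

# Offline:  AZ=demo_az; find_servers_without_ad_admin
# Live:     az login, then find_servers_without_ad_admin
```

The exit status makes the function usable as a pipeline gate: 1 means at least one server is listed and needs an admin assigned, 2 means the check itself could not be completed.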
References
- https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview
- https://docs.microsoft.com/en-us/cli/azure/sql/server/ad-admin?view=azure-cli-latest#az-sql-server-ad-admin-create
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_active_directory_administrator
SQL Server on Virtual Machines
SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.
Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.
Compliance Frameworks
- Azure CIS Foundations v. 1.1.0
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CloudGuard Best Practices
- Azure HITRUST v9.5.0
- Azure ITSG-33
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated about 1 year ago