Ensure that SQL Database Auditing is Enabled

Ensure that SQL Database Auditing is enabled in order to keep track of Audit events.

Risk Level: Low
Cloud Entity: Azure SQL Database
CloudGuard Rule ID: D9.AZU.MON.52
Covered by Spectral: Yes
Category: Database


SQLDB should have auditing.state='Enabled'


From Portal

  1. Sign in to Azure Management Console
  2. Go to 'SQL Database'
  3. For each Database, click on Auditing under Security.
  4. Set Enable Azure SQL Auditing is set to On
  5. Select Save.

From TF
Set the 'enabled' arguments under 'azurerm_mssql_database_extended_auditing_policy' as below:

resource "azurerm_mssql_database_extended_auditing_policy" "example" {
	enabled                 = "true"
	storage_endpoint        = "azurerm_storage_account.example.primary_blob_endpoint"

From Command Line

az sql db audit-policy update --resource-group RESOURCEGROUPNAME --name SERVERNAME --state Enabled --bsts Enabled --storage-account STORAGEACCOUNTNAME


  1. https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview?view=azuresql
  2. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_database
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database_extended_auditing_policy#enabled
  4. https://learn.microsoft.com/en-us/cli/azure/sql/db/audit-policy?view=azure-cli-latest#az-sql-db-audit-policy-update

Azure SQL Database

Azure SQL Database is the intelligent, fully managed relational cloud database service that provides the broadest SQL Server engine compatibility, so you can migrate your SQL Server databases without changing your apps. Accelerate app development and make maintenance easy and productive using the SQL tools you love to use. Take advantage of built-in intelligence that learns app patterns and adapts to maximize performance, reliability, and data protection.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CloudGuard Best Practices
  • Azure ITSG-33
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset