Avoid using names like 'Admin' for an Azure SQL Server Active Directory Administrator account

Configure one Azure Active Directory account, either an individual or Network Security Group account, as an administrator. It is not necessary to configure an Azure AD administrator, but an Azure AD administrator must be configured if you want to use Azure AD accounts to connect to SQL Databases. It is recommended to avoid names like 'admin' or 'administrator', which are targeted in brute-force dictionary attacks.

Risk Level: Low
Cloud Entity: Azure Active Directory
CloudGuard Rule ID: D9.TF.AZU.IAM.04
Covered by Spectral: No
Category: Security, Identity, & Compliance

GSL LOGIC

azurerm_sql_active_directory_administrator should not have login regexMatch /admin|Admin/

REMEDIATION

From TF
Set the 'login' argument under 'azurerm_sql_active_directory_administrator' as below:

resource "azurerm_sql_active_directory_administrator" "example" {
	# ... other arguments unchanged ...
	login               = "NAME" # choose a value that does not contain 'admin' or 'Admin'
	# ...
}
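
The check in GSL LOGIC can be reproduced outside CloudGuard against the JSON form of a Terraform plan. The script below is an added example, not CloudGuard's or the provider's own code; it assumes regexMatch behaves as an unanchored search, and the sample plan, the function names and the stricter case-insensitive pattern are constructed for illustration.

```python
import json
import re

RESOURCE_TYPE = "azurerm_sql_active_directory_administrator"
RULE_RE = re.compile(r"admin|Admin")              # the rule's pattern, as written
STRICT_RE = re.compile(r"admin", re.IGNORECASE)   # assumption: stricter variant, also catches 'ADMIN'

def iter_resources(module):
    """Yield every resource of a planned_values module, child modules included."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_violations(plan, pattern=RULE_RE):
    """Return (address, login) for each AD administrator whose login matches pattern."""
    root = plan.get("planned_values", {}).get("root_module", {})
    hits = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        login = (res.get("values") or {}).get("login")
        # A login that is only known after apply is absent from the plan; skip it.
        if isinstance(login, str) and pattern.search(login):
            hits.append((res["address"], login))
    return hits

# Constructed sample, trimmed to the fields used, in the shape of `terraform show -json`.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_sql_active_directory_administrator.example",
     "type": "azurerm_sql_active_directory_administrator",
     "values": {"login": "sqladmin"}},
    {"address": "azurerm_sql_active_directory_administrator.ok",
     "type": "azurerm_sql_active_directory_administrator",
     "values": {"login": "dba-team-group"}}],
  "child_modules": [{"address": "module.db", "resources": [
    {"address": "module.db.azurerm_sql_active_directory_administrator.this",
     "type": "azurerm_sql_active_directory_administrator",
     "values": {"login": "SQL-ADMIN"}}]}]}}}
""")

if __name__ == "__main__":
    for address, login in find_violations(SAMPLE_PLAN):
        print(f"FAIL {address}: login {login!r} matches /admin|Admin/")
    for address, login in find_violations(SAMPLE_PLAN, STRICT_RE):
        print(f"STRICT {address}: login {login!r} contains 'admin' in any case")
```

With the rule's pattern only 'sqladmin' is reported; the all-caps 'SQL-ADMIN' is reported only by the case-insensitive variant.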

References:

  1. https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview
  2. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_active_directory_administrator

Azure Active Directory

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps your employees sign in and access resources in external resources and internal res

Compliance Frameworks

  • Azure Terraform Ruleset