V-276265
Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
Title
Azure SQL Managed Instance must store audit records in an immutable blob storage container for an organizationally defined period of time.
Description
<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. When configured and enabled, Azure SQL Managed Instance only supports writing audit records to a container within an Azure Blob Storage Account. To mitigate the risk associated with maintaining a single copy of this audit data, the blob container used to store the audit data generated by this Azure SQL Managed Instance must be protected by an immutable policy. This policy must be ...
Fix Text (Documentation Requirement)
Use the following script to query the Azure Storage Account(s) for any SQL Audits configured:

SELECT name, log_file_path AS storage_container FROM sys.server_file_audits

Note: The "storage_container" value includes both the Azure Storage Account name and the blob container. This value uses the format https://<Azure Storage Account Name>.blob.core.usgovcloudapi.net//.

For each of the Azure Storage Accounts discovered above, enable an immutable blob storage policy for the blob container to which audit data is written.

1. Log in to the Azure Portal.
2. In the search box at the top, type "Storage Accounts" and select the search result.
3. Locate and click the name of the Azure Storage Account utilized by the Azure SQL Managed Instance.
4. In the left column, select "Containers".
5. Se...
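The portal steps above have a scriptable equivalent. The following Azure CLI script is an added example and not part of the STIG text: it takes a log_file_path value in the shape returned by the sys.server_file_audits query, splits it into the storage account and container names, and then creates and locks a time-based immutability policy on that container. The sample path, the account name "examplestgacct", the container "sqldbauditlogs" and the 365-day retention period are constructed assumptions; the retention period must be replaced with the organizationally defined one. Both the Azure Government endpoint used in the fix text (blob.core.usgovcloudapi.net) and the commercial endpoint (blob.core.windows.net) are handled.

```shell
#!/usr/bin/env sh
# Added example (not part of the STIG). Parses a sys.server_file_audits
# log_file_path value and applies a locked time-based retention policy to the
# audit container with the Azure CLI. Sample values below are constructed.

# parse_audit_path URL -> prints "<account> <container>", returns 1 on failure.
# Works for blob.core.usgovcloudapi.net and blob.core.windows.net endpoints.
parse_audit_path() {
    url=$1
    host=${url#https://}                 # drop the scheme
    case $host in
        */*) path=${host#*/} ;;          # text after the first slash
        *)   path= ;;                    # no container segment at all
    esac
    host=${host%%/*}                     # hostname only
    account=${host%%.blob.core.*}        # account name is the first DNS label
    container=${path%%/*}                # container is the first path segment
    [ -n "$account" ] && [ -n "$container" ] || return 1
    printf '%s %s\n' "$account" "$container"
}

# Create an unlocked policy, then lock it. An unlocked policy can still be
# deleted by anyone with rights on the account; only a locked policy prevents
# deletion or overwrite of the audit blobs before the period elapses. Locking
# is irreversible (the period can only be extended), so confirm the
# organizationally defined period before running with APPLY=1.
# Protected append writes are allowed because SQL audit .xel files are written
# as append blobs and further audit writes would otherwise be rejected.
apply_immutability_policy() {
    account=$1 container=$2 days=$3
    az storage container immutability-policy create \
        --account-name "$account" --container-name "$container" \
        --period "$days" --allow-protected-append-writes true
    # lock requires the current policy etag as a concurrency check
    etag=$(az storage container immutability-policy show \
        --account-name "$account" --container-name "$container" \
        --query etag -o tsv)
    az storage container immutability-policy lock \
        --account-name "$account" --container-name "$container" \
        --if-match "$etag"
}

# Check: state should read "Locked" and the period should match the policy.
verify_immutability_policy() {
    az storage container immutability-policy show \
        --account-name "$1" --container-name "$2" \
        --query "[state, immutabilityPeriodSinceCreationInDays, allowProtectedAppendWrites]" \
        -o tsv
}

# Constructed sample in the shape of the storage_container column.
SAMPLE_LOG_FILE_PATH='https://examplestgacct.blob.core.usgovcloudapi.net/sqldbauditlogs/'

main() {
    target=${1:-$SAMPLE_LOG_FILE_PATH}
    parsed=$(parse_audit_path "$target") || { echo "cannot parse: $target" >&2; return 1; }
    account=${parsed%% *}
    container=${parsed#* }
    if [ "${APPLY:-0}" = 1 ]; then
        apply_immutability_policy "$account" "$container" "${RETENTION_DAYS:-365}"
        verify_immutability_policy "$account" "$container"
    else
        echo "account=$account container=$container (set APPLY=1 to create and lock the policy)"
    fi
}

main "$@"
```

Run it once per row returned by the query, passing the storage_container value as the argument; without APPLY=1 it only prints the parsed account and container so the target can be confirmed before the irreversible lock is applied.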