Ensure that Azure Active Directory authentication is configured to allow you to centrally manage identity and access to your Microsoft Azure SQL database servers by using an Active Directory administrator.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Azure Active Directory (AAD) authentication is a mechanism for connecting to Microsoft Azure SQL databases and SQL data warehouses using identities available within Active Directory. With AAD authentication, identities of database users and other Microsoft services can be managed in one central location. Central ID management provides a single place to manage SQL database users and simplifies permission management. The benefits of AAD authentication include:
- Providing a secure alternative to SQL database server authentication;
- Helping to reduce the proliferation of user identities across Azure SQL database servers;
- Handling password rotation in a single place;
- Eliminating the need for storing passwords by enabling integrated Windows authentication and other forms of authentication supported by Azure Active Directory (AAD);
- Allowing customers to manage database permissions using external AAD groups;
- Allowing token-based authentication for applications connecting to Azure SQL databases;
- Providing support for ADFS (domain federation) or native user/password authentication for a local Azure Active Directory without domain synchronization;
- Allowing connections from SQL Server Management Studio that use Active Directory Universal Authentication, which includes Multi-Factor Authentication (MFA);
- Allowing similar connections from SQL Server Data Tools (SSDT) that use Active Directory Interactive Authentication.
Audit
To determine if an Active Directory administrator is configured for SQL authentication within your Azure SQL database server settings, perform the following actions:
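One way to run this check with the Az PowerShell module, as an added example that is not Conformity's own audit procedure. It assumes the Az.Accounts and Az.Sql modules are installed and a session is already authenticated with Connect-AzAccount; the function name `Get-SqlServerAadAdminStatus` and the report fields are hypothetical names chosen for this example.

```powershell
# Added example: report, for every Azure SQL server in the current
# subscription, whether an Azure AD administrator is provisioned.
function Get-SqlServerAadAdminStatus {
    [CmdletBinding()]
    param(
        # Optional: limit the audit to a single resource group.
        [string]$ResourceGroupName
    )

    $servers = if ($ResourceGroupName) {
        Get-AzSqlServer -ResourceGroupName $ResourceGroupName
    } else {
        Get-AzSqlServer
    }

    foreach ($server in $servers) {
        try {
            # Returns nothing when no AAD administrator is configured.
            $admin = Get-AzSqlServerActiveDirectoryAdministrator `
                -ResourceGroupName $server.ResourceGroupName `
                -ServerName $server.ServerName `
                -ErrorAction Stop
            $status = if ($admin) { 'Configured' } else { 'Missing' }
        } catch {
            # Keep lookup failures (e.g. missing read permission) separate
            # from a genuine "no administrator" finding.
            $admin  = $null
            $status = "Error: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            ResourceGroup = $server.ResourceGroupName
            Server        = $server.ServerName
            Status        = $status
            AadAdmin      = if ($admin) { $admin.DisplayName } else { $null }
            AadAdminId    = if ($admin) { $admin.ObjectId } else { $null }
        }
    }
}

$report = @(Get-SqlServerAadAdminStatus)
$report | Sort-Object Status, Server | Format-Table -AutoSize

# Non-zero exit code lets a scheduled job or pipeline flag the finding.
$failed = @($report | Where-Object { $_.Status -ne 'Configured' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) SQL server(s) without a verified Azure AD administrator."
    exit 1
}
```

The script covers only the subscription selected in the current Az context; servers reported as `Missing` are the ones that need an administrator assigned, for example with `Set-AzSqlServerActiveDirectoryAdministrator`.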
Remediation / Resolution
To configure an Azure Active Directory (AAD) administrator for SQL authentication and access to your Microsoft Azure SQL database servers, perform the following actions:
Use Azure Active Directory Admin for SQL Authentication
Risk Level: Medium