
User Managed Identity support for auditing Azure SQL Database

 

Auditing for Azure SQL Database now supports user managed identity (UMI). Auditing can be configured to write to a storage account using one of two authentication methods: managed identity or storage access keys. For managed identity, you can use either a system managed identity or a user managed identity. To learn more about user managed identities in Azure, see the Azure documentation on managed identities.

 

To configure writing audit logs to a storage account, select Storage when you reach the Auditing section, then select the Azure storage account where the logs will be saved. Two storage authentication types are available: managed identity and storage access keys.

For managed identity, both system managed identity and user managed identity are supported.

 

By default, auditing uses the primary user managed identity assigned to the server. If no user managed identity is assigned, it creates a system assigned identity and uses that for authentication.

Select the retention period by opening Advanced properties, then click Save. Logs older than the retention period are deleted.

 

Note: The user managed identity authentication type is not currently supported for enabling auditing to a storage account behind a VNet or firewall.


Review the Identity blade for your Azure SQL server; you can see that one primary identity is configured.


To configure auditing using a user managed identity, follow these steps:

 

1. Create a user managed identity and assign it to the server (see "User-assigned managed identity in Azure AD for Azure SQL – Azure SQL Database & Azure SQL Managed Instance | Microsoft Docs").
2. Go to the storage account that auditing should send logs to and assign the 'Storage Blob Data Contributor' RBAC role to the user managed identity assigned to the server in the previous step (see "Assign Azure roles using the Azure portal – Azure RBAC | Microsoft Docs").
3. Only after that role has been assigned to the user managed identity, enable auditing with the Storage Authentication Type set to managed identity.

If no user managed identity has been created, the system identity is used by default. For system managed identity, when you configure auditing to a storage account and select managed identity, the service creates the system managed identity and grants it the permissions required to access the storage account; no user action is required.
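The steps above, as an added Az PowerShell example that is not part of the original post: it creates the identity, assigns it to the server as the primary identity, grants the role on the storage account only, and checks that the assignment is visible before step 3. Resource names are placeholders, and the final step (enabling auditing with the managed identity authentication type) is still done in the portal as described above.

```powershell
# Added example (not from the post): Az PowerShell equivalent of steps 1-2 above,
# plus a check that the role is in place before auditing is switched to managed identity.
# The names below are placeholders; replace them with your own resources.
$rg       = 'rg-sql-audit'       # resource group holding the server and storage account
$server   = 'sqlsrv-prod-01'     # Azure SQL logical server name
$storage  = 'stsqlauditlogs01'   # storage account that will receive the audit logs
$umiName  = 'umi-sql-audit'      # user managed identity to create
$location = 'eastus'
$role     = 'Storage Blob Data Contributor'

# Step 1: create the user managed identity and make it the server's primary identity.
$umi = New-AzUserAssignedIdentity -ResourceGroupName $rg -Name $umiName -Location $location
Set-AzSqlServer -ResourceGroupName $rg -ServerName $server `
    -IdentityType 'UserAssigned' `
    -UserAssignedIdentityId @($umi.Id) `
    -PrimaryUserAssignedIdentityId $umi.Id

# Step 2: grant the identity blob-write access on the target storage account only.
# Scope the assignment to the storage account resource, not the subscription or resource group.
$storageId = (Get-AzStorageAccount -ResourceGroupName $rg -Name $storage).Id
New-AzRoleAssignment -ObjectId $umi.PrincipalId -RoleDefinitionName $role -Scope $storageId

# Pre-flight check: confirm the assignment is visible before enabling auditing.
# RBAC changes can take a few minutes to propagate; enabling auditing before the role
# is effective means the server cannot write audit logs to the account.
function Test-AuditIdentityRole {
    param([string]$PrincipalId, [string]$Scope, [string]$RoleName)
    $assignment = Get-AzRoleAssignment -ObjectId $PrincipalId -Scope $Scope -RoleDefinitionName $RoleName
    return [bool]$assignment
}

$deadline = (Get-Date).AddMinutes(5)
do {
    $ready = Test-AuditIdentityRole -PrincipalId $umi.PrincipalId -Scope $storageId -RoleName $role
    if (-not $ready) { Start-Sleep -Seconds 15 }
} until ($ready -or (Get-Date) -gt $deadline)

if ($ready) {
    Write-Output "Role '$role' confirmed for $umiName on $storage. Enable auditing with Storage Authentication Type = managed identity (step 3)."
} else {
    Write-Warning "Role assignment not yet visible; do not enable managed identity auditing until it is."
}
```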
