Google SQL Servers Which Do Not Have Azure Active Directory Admin Configured

Checks to ensure that SQL servers are configured with Active Directory admin authentication. Azure Active Directory authentication is a mechanism of connecting to Microsoft Azure SQL Database and SQL Data Warehouse by using identities in Azure Active Directory (Azure AD). With Azure AD authentication, you can centrally manage the identities of database users and other Microsoft services in one central location.

Policy Details

Policy Subtype
Run, Build
Severity
Medium
Template Type
Terraform

Build Rules

SQL servers which do not have Azure Active Directory admin configured.
JSON Query:
$.resource.*.azurerm_sql_server size greater than 0 and ($.resource.*.azurerm_sql_active_directory_administrator size equals 0)
Recommendation:
Recommended solution to ensure that SQL servers are configured with Active Directory admin authentication.
Ensure that SQL servers are configured with Active Directory admin authentication. Please make sure if your template have "azurerm_sql_active_directory_administrator" defined.
For example:
{ "azurerm_sql_active_directory_administrator": [ { "<sql_active_directory_administrator_name>": [ { "login": "sqladmin", "object_id": "${data.azurerm_client_config.current.object_id}", "resource_group_name": "${azurerm_resource_group.example.name}", "server_name": "${azurerm_sql_server.example.name}", "tenant_id": "${data.azurerm_client_config.current.tenant_id}" } ] } ] }

Run Rule Recommendation

  1. Login to Azure Portal.
  2. Click on All services (Left Panel).
  3. Click on SQL servers (under 'DATABASES').
  4. Select reported each SQL server.
  5. Click on Active Directory admin (under 'SETTINGS').
  6. Click on Set admin.
  7. Select an AD account.
  8. Click on Select.
  9. Click on Save.

Compliance

There are 10 standards that are applicable to this policy:
  • NIST 800-53 Rev4
  • HITRUST CSF v9.3
  • NIST CSF
  • ISO 27001:2013
  • CIS v1.1 (Azure)
  • CSA CCM v3.0.1
  • SOC 2
  • PIPEDA
  • PCI DSS v3.2
  • CCPA 2018

Recommended For You