Friday, November 29, 2019

Data Platform Tips 13 - Auditing on Azure SQL Database

Azure SQL provides both server level as well as database level auditing. Auditing tracks database events and records them in Blob storage, Log Analytics or Event Hubs.

a) Log on to the Azure Portal. Refer to steps a) and b) for creation of the resource group and Azure SQL Database.

b) Navigate to the resource group "AAD-SQL" and to the "aad-azuresql" SQL Server and click on "Auditing".

c) Turn "Auditing" On at server level and configure the blob storage to capture the audit events.

d) Navigate to the "sampledb" database on the Azure SQL Server and click on "Auditing" and turn on Database level Auditing along with configuring Blob storage to store the Database level audit events.

e) Once configured you can navigate between Server level Auditing events and Database level Auditing events as shown below.

Note from Microsoft Docs

You should avoid enabling both server blob auditing and database blob auditing together, unless:
  • You want to use a different storage account or retention period for a specific database.
  • You want to audit event types or categories for a specific database that differ from the rest of the databases on the server. For example, you might have table inserts that need to be audited only for a specific database.
Otherwise, we recommend that you enable only server-level blob auditing and leave the database-level auditing disabled for all databases.
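
One way to check a server against the note above, as an added example (not code from this post or from Microsoft Docs): it lists every database where blob auditing is on at both levels and shows whether one of the note's exceptions applies. It assumes the Az.Sql module, a session signed in with Connect-AzAccount, and the resource group and server names from the steps above.

```powershell
# Added example. Assumes Az.Sql is installed and Connect-AzAccount has been run.
# Resource names are the ones used in the walkthrough above.
$ResourceGroup = 'AAD-SQL'
$ServerName    = 'aad-azuresql'

# Normalise an action list so two settings can be compared as strings.
function Get-ActionKey($Items) { (@($Items) | Sort-Object) -join ',' }

$serverAudit = Get-AzSqlServerAudit -ResourceGroupName $ResourceGroup -ServerName $ServerName
$serverOn    = $serverAudit.BlobStorageTargetState -eq 'Enabled'
if (-not $serverOn) {
    Write-Warning "Server-level blob auditing is not enabled on $ServerName."
}

$report = Get-AzSqlDatabase -ResourceGroupName $ResourceGroup -ServerName $ServerName |
    Where-Object { $_.DatabaseName -ne 'master' } |
    ForEach-Object {
        $dbAudit = Get-AzSqlDatabaseAudit -ResourceGroupName $ResourceGroup `
            -ServerName $ServerName -DatabaseName $_.DatabaseName
        $dbOn = $dbAudit.BlobStorageTargetState -eq 'Enabled'

        # Exceptions named in the note: different storage account or retention,
        # or different audited event types for this database.
        $diffStorage   = $dbAudit.StorageAccountResourceId -ne $serverAudit.StorageAccountResourceId
        $diffRetention = $dbAudit.RetentionInDays -ne $serverAudit.RetentionInDays
        $diffEvents    = ((Get-ActionKey $dbAudit.AuditActionGroup) -ne
                          (Get-ActionKey $serverAudit.AuditActionGroup)) -or
                         (@($dbAudit.AuditAction).Count -gt 0)

        $finding = if (-not ($serverOn -and $dbOn)) { 'OK (single level)' }
                   elseif ($diffStorage -or $diffRetention -or $diffEvents) { 'Both enabled, exception applies' }
                   else { 'Both enabled, redundant: disable database-level auditing' }

        [pscustomobject]@{
            Database      = $_.DatabaseName
            ServerAudit   = $serverAudit.BlobStorageTargetState
            DatabaseAudit = $dbAudit.BlobStorageTargetState
            DiffStorage   = $diffStorage
            DiffRetention = $diffRetention
            DiffEvents    = $diffEvents
            Finding       = $finding
        }
    }

$report | Format-Table -AutoSize
```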

More information on Azure SQL Database Auditing
