Azure SQL Managed Instance must be able to generate audit records when access to objects occur.

Severity: medium
Group ID: V-276263
Group Title: SRG-APP-000507-DB-000356
Version: MSQL-00-015300
Rule ID: SV-276263r1150070_rule
Date: 2025-10-07
STIG Version: 1
Description
Without tracking all or selected types of access to all or selected objects (tables, views, procedures, functions, etc.), it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one.

In an Azure SQL Managed Instance environment, types of access include, but are not necessarily limited to:

- SELECT
- INSERT
- UPDATE
- DELETE
- EXECUTE

Satisfies: SRG-APP-000507-DB-000356, SRG-APP-000507-DB-000357
ℹ️ Check
Review the Azure SQL Managed Instance configuration to verify that audit records are produced when successful accesses to objects occur.

Run this T-SQL command to determine whether SQL Auditing AuditActionGroups are configured:

    SELECT a.name AS 'AuditName',
           s.name AS 'SpecName',
           d.audit_action_name AS 'ActionName',
           d.audited_result AS 'Result'
    FROM sys.server_audit_specifications s
    JOIN sys.server_audits a
      ON s.audit_guid = a.audit_guid
    JOIN sys.server_audit_specification_details d
      ON s.server_specification_id = d.server_specification_id
    WHERE a.is_state_enabled = 1
      AND d.audit_action_name = 'SCHEMA_OBJECT_ACCESS_GROUP'

If no values are listed for AuditActionGroups, this is a finding.
✔️ Fix
Deploy an Azure SQL Managed Instance audit. Refer to the supplemental file "AzureSQLMIAudit.sql" script. Reference: https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/auditing-configure?view=azuresql-mi
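The following T-SQL is an added example of the kind of configuration the Fix calls for; it is not the supplemental "AzureSQLMIAudit.sql" script and is not taken from the STIG or from Microsoft. It creates a server audit that writes to a blob storage container, attaches a server audit specification containing SCHEMA_OBJECT_ACCESS_GROUP, enables both, and finishes with a broader version of the Check query that lists every action group on enabled audits together with the audited result. The audit name, specification name and storage URL are placeholders, and the blob storage target (TO URL) is one of the supported targets assumed here.

```sql
-- Added example, not the STIG's supplemental script. Object names and the
-- storage path are placeholders; replace them with values for your environment.

-- 1. Create the server audit target. On Azure SQL Managed Instance the audit
--    can be written to a blob storage container (TO URL); RETENTION_DAYS is optional.
CREATE SERVER AUDIT [STIG_ObjectAccessAudit]
TO URL (PATH = 'https://<storageaccount>.blob.core.windows.net/<container>',
        RETENTION_DAYS = 90);
GO

-- 2. Add a server audit specification that records schema object access
--    (SELECT, INSERT, UPDATE, DELETE, EXECUTE, ...) and enable it.
CREATE SERVER AUDIT SPECIFICATION [STIG_ObjectAccessSpec]
FOR SERVER AUDIT [STIG_ObjectAccessAudit]
ADD (SCHEMA_OBJECT_ACCESS_GROUP)
WITH (STATE = ON);
GO

-- 3. Turn the audit itself on. The specification records nothing while the
--    parent audit is disabled, which is why the Check filters on
--    a.is_state_enabled = 1.
ALTER SERVER AUDIT [STIG_ObjectAccessAudit] WITH (STATE = ON);
GO

-- 4. Verify: list every action group on enabled audits, not only
--    SCHEMA_OBJECT_ACCESS_GROUP, so gaps in coverage are visible. The
--    audited_result column shows whether SUCCESS, FAILURE or both are
--    captured; this rule is about successful accesses, so a row whose
--    Result is FAILURE only does not satisfy it.
SELECT a.name               AS AuditName,
       a.is_state_enabled   AS AuditEnabled,
       s.name               AS SpecName,
       s.is_state_enabled   AS SpecEnabled,
       d.audit_action_name  AS ActionName,
       d.audited_result     AS Result
FROM sys.server_audits a
JOIN sys.server_audit_specifications s
  ON a.audit_guid = s.audit_guid
JOIN sys.server_audit_specification_details d
  ON s.server_specification_id = d.server_specification_id
WHERE a.is_state_enabled = 1
ORDER BY a.name, d.audit_action_name;
```

Before step 1 runs, the managed instance needs a credential for the target container (a SAS token or the instance's managed identity), as described in the Microsoft auditing guide referenced above; without it the CREATE SERVER AUDIT statement fails. Step 4 is the query a reviewer would keep for evidence: it shows the audit and specification state and the audited result for each action group, rather than only whether a single group is present.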