Azure SQL Database Auditing Reading JSON

Question

Hi Community,

I am hoping someone can help me with this question regarding reading the JSON file for an Azure SQL Database in terms of auditing. I am trying to understand how I can find out who may have disabled server level auditing, but in reading the JSON file, its not apparent what the operation type for for type of change. I can only see these blocks, which don't provide the type of "write" operation (e.g., auditing enabled OR auditing disabled).

/subscriptions/xxxx/resourcegroups/RG/providers/microsoft.sql/servers/xxxx/auditingsettings/default

Microsoft.Sql/servers/auditingSettings/write

Any help would be very appreciated, thanks!

Phillip Cox

Answer 1

@Cox, Phillip Thank you for reaching out.

The JSON file you are looking at is an Azure Resource Manager (ARM) template that describes the configuration of the Azure SQL Database auditing settings. The operation type you are looking for (auditing enabled or disabled) is not explicitly recorded in the ARM template.

However, you can use the Azure Activity Log to track changes to the Azure SQL Database auditing settings. The Azure Activity Log records all management operations that are performed on Azure resources, including changes to the auditing settings.

The activity logs are stored for 90 days only, you will get below details.

Hope that helps.

Please don't forget to mark as accept answer if the reply was helpful.

Regards,

Oury