Hi, I am trying to automate CIS benchmark compliance checks on SQL Managed Instance resources. I managed to successfully use Az CLI or PowerShell modules to perform the checks for SQL DB and PostgreSQL. Some of the commands are below, and they use the server name as one of the parameters, but I guess SQL Managed Instance doesn't have anything like a server name to pass as an input parameter. Can someone please help with which commands to use to check Audit / Advanced Threat Protection settings for SQL Managed Instance (on instance level, not on database level)?
- Check Auditing Set to 'On'
CLI Command: az sql server audit-policy show --ids "resourceID"
- Check Data Encryption Set to 'On'
CLI Command: az sql db tde show --ids "resourceID"
- Ensure Audit Retention is greater than 90 days
CLI Command: az sql server audit-policy show --ids "resourceID"