Azure CLI or PowerShell Commands to Perform CIS Benchmark Checks on SQL Managed Instance

GOWTHAM SIVANESAN MURALI 1 Reputation point
2021-11-12T07:08:10.847+00:00

Hi, I am trying to automate CIS benchmark compliance checks on SQL managed instance resources. I managed to successfully use Az CLI or PowerShell modules to perform the checks for SQL DB and PostgreSQL. Some of the commands are below, and they use the server name as one of the parameters, but I guess SQL managed instance doesn't have anything like a server name to pass as an input parameter. Can someone please help with which commands to use to check Audit / Advanced Threat Protection settings for SQL managed instance (on instance level, not on database level)?

  1. Check Auditing Set to 'On'
    CLI Command: az sql server audit-policy show --ids "resourceID"
  2. Check Data Encryption Set to 'On'
    CLI Command: az sql db tde show --ids "resourceID"
  3. Ensure Audit Retention is greater than 90 days
    CLI Command: az sql server audit-policy show --ids "resourceID"
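The auditing and retention checks listed in the question both read the same `az sql server audit-policy show` output, so one evaluator can cover them. This is an added example, not code from the posts; it covers the server-level command from the question (not managed instance) and assumes the JSON carries `state` and `retentionDays` fields and that a retention of 0 means unlimited.

```python
import json

MIN_RETENTION_DAYS = 90  # the question's check: retention greater than 90 days

# Constructed sample shaped like `az sql server audit-policy show --ids ...`
# output; the ids and values are made up for this example.
SAMPLE = """[
  {"id": "/constructed/servers/sql-a", "state": "Enabled",  "retentionDays": 120},
  {"id": "/constructed/servers/sql-b", "state": "Enabled",  "retentionDays": 0},
  {"id": "/constructed/servers/sql-c", "state": "Enabled",  "retentionDays": 90},
  {"id": "/constructed/servers/sql-d", "state": "Disabled", "retentionDays": 365},
  {"id": "/constructed/servers/sql-e", "state": "Enabled"}
]"""


def retention_ok(days):
    """True when retention is unlimited (0, assumed) or strictly above 90."""
    if isinstance(days, bool) or not isinstance(days, int) or days < 0:
        return False  # missing or malformed values fail closed
    return days == 0 or days > MIN_RETENTION_DAYS


def evaluate_policy(policy):
    """Evaluate one audit-policy object against both checks."""
    auditing_on = str(policy.get("state", "")).lower() == "enabled"
    keeps_long_enough = retention_ok(policy.get("retentionDays"))
    return {
        "id": policy.get("id", "<unknown>"),
        "auditing_on": auditing_on,
        "retention_ok": keeps_long_enough,
        "compliant": auditing_on and keeps_long_enough,
    }


def evaluate(raw_json):
    """Accept either a single object or a list (several --ids values)."""
    doc = json.loads(raw_json)
    policies = doc if isinstance(doc, list) else [doc]
    return [evaluate_policy(p) for p in policies]


if __name__ == "__main__":
    for result in evaluate(SAMPLE):
        print(result)
```

Pipe the real command's JSON output into `evaluate()` in place of `SAMPLE`.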

2 answers

  1. Oury Ba-MSFT 20,186 Reputation points Microsoft Employee
    2021-11-17T16:25:57.327+00:00

    Hi @GOWTHAM SIVANESAN MURALI, we engaged the documentation and engineering teams to help with this. SQL MI does have a PowerShell script to check audit / Advanced Threat Protection. I am working with our product team to enhance the doc.

    Thanks for the patience and for bringing this to our attention.

    Regards,
    Oury


  2. Oury Ba-MSFT 20,186 Reputation points Microsoft Employee
    2021-11-17T16:38:46.067+00:00

    Hi @GOWTHAM SIVANESAN MURALI

    Until officially available, could you please use az cli to accomplish the above:

    150263-image.png

    Regards,
    Oury
