Ensures that SQL Server Auditing retention policy is set to greater than 90 days
Enabling SQL Server Auditing ensures that all activities are being logged properly, including potentially-malicious activity. Having a long retention policy ensures that all logs are kept for auditing and legal purposes.
Follow the appropriate remediation steps below to resolve the issue.
Log in to the Microsoft Azure Management Console.
Select the “Search resources, services, and docs” option at the top and search for “SQL servers”.
On the “SQL server” page, select the SQL server that needs to be examined.
On the selected “SQL server” page, scroll down the left navigation panel and select “Auditing” under “Security”.
On the “Auditing” page, scroll down to “Audit log destination” and click on Advanced properties" under “Storage”.
If the Retention (Days)is set to zero then audit logs are not being retained.
To ensure that the storage account retention policy for each SQL server is set to greater than 90 days, drag the slider or type 365 in the text box.
Click on “Save” at the top to make the necessary changes.
Repeat steps 3-8 to ensure that SQL Server Auditing retention policy is set to greater than 90 days.