Control: An Azure Active Directory administrator should be provisioned for SQL servers
Description
Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.sql_server_azure_ad_authentication_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.sql_server_azure_ad_authentication_enabled --shareSQL
This control uses a named query:
with sever_with_ad_admin as ( select distinct a.id from azure_sql_server as a, jsonb_array_elements(server_azure_ad_administrator) as ad_admin where ad_admin ->> 'type' = 'Microsoft.Sql/servers/administrators')select a.id as resource, case when s.id is not null then 'ok' else 'alarm' end as status, case when s.id is not null then a.name || ' azure AD authentication enabled.' else a.name || ' azure AD authentication disabled.' end as reason , a.resource_group as resource_group , sub.display_name as subscriptionfrom azure_sql_server as a left join sever_with_ad_admin as s on a.id = s.id, azure_subscription as subwhere sub.subscription_id = a.subscription_id;