< Back

Set-AzureRmSqlServerAuditing

Tue Jan 29, 2019 10:10 pm

NAME Set-AzureRmSqlServerAuditing



SYNOPSIS

Changes the auditing settings of an Azure SQL server.





SYNTAX

Set-AzureRmSqlServerAuditing [-ResourceGroupName] <String> [-ServerName] <String> [-AuditActionGroup {BATCH_STARTED_GROUP | BATCH_COMPLETED_GROUP

| APPLICATION_ROLE_CHANGE_PASSWORD_GROUP | BACKUP_RESTORE_GROUP | DATABASE_LOGOUT_GROUP | DATABASE_OBJECT_CHANGE_GROUP |

DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP | DATABASE_OBJECT_PERMISSION_CHANGE_GROUP | DATABASE_OPERATION_GROUP | AUDIT_CHANGE_GROUP |

DATABASE_PERMISSION_CHANGE_GROUP | DATABASE_PRINCIPAL_CHANGE_GROUP | DATABASE_PRINCIPAL_IMPERSONATION_GROUP | DATABASE_ROLE_MEMBER_CHANGE_GROUP |

FAILED_DATABASE_AUTHENTICATION_GROUP | SCHEMA_OBJECT_ACCESS_GROUP | SCHEMA_OBJECT_CHANGE_GROUP | SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP |

SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP | SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP | USER_CHANGE_PASSWORD_GROUP}] [-DefaultProfile

<IAzureContextContainer>] [-PassThru] [-RetentionInDays <UInt32>] -State {Enabled | Disabled} [-StorageAccountName <String>] [-StorageKeyType

{Primary | Secondary}] [-Confirm] [-WhatIf] [<CommonParameters>]





DESCRIPTION

The Set-AzureRmSqlServerAuditing cmdlet changes the auditing settings of an Azure SQL server. To use the cmdlet, use the ResourceGroupName and

ServerName parameters to identify the server. Specify the StorageAccountName parameter to specify the storage account for the audit logs and the

StorageKeyType parameter to define the storage keys. Use the State parameter to enable/disable the policy.



You can also define retention for the audit logs by setting the value of the RetentionInDays parameter to define the period for the audit logs.



After the cmdlet runs successfully, auditing of the Azure SQL databases that are defined in the specified Azure SQL server is enabled. If the

cmdlet succeeds and you use the PassThru parameter, it returns an object describing the current blob auditing policy in addition to the server

identifiers. Server identifiers include, but are not limited to, ResourceGroupName and ServerName .





PARAMETERS

-AuditActionGroup <AuditActionGroups[]>

The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed

against the database, as well as successful and failed logins:



"BATCH_COMPLETED_GROUP",

"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP",

"FAILED_DATABASE_AUTHENTICATION_GROUP"

This above combination is also the set that is configured by default. These groups cover all SQL statements and stored procedures executed

against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more

information, see https://docs.microsoft.com/en-us/sql/re ... ns#databas

e-level-audit-action-groups.



Required? false

Position? named

Default value None

Accept pipeline input? True (ByPropertyName)

Accept wildcard characters? false



-DefaultProfile <IAzureContextContainer>

The credentials, account, tenant, and subscription used for communication with azure.



Required? false

Position? named

Default value None

Accept pipeline input? False

Accept wildcard characters? false



-PassThru [<SwitchParameter>]

{{Fill PassThru Description}}



Required? false

Position? named

Default value False

Accept pipeline input? False

Accept wildcard characters? false



-ResourceGroupName <String>

The name of the resource group.



Required? true

Position? 0

Default value None

Accept pipeline input? True (ByPropertyName)

Accept wildcard characters? false



-RetentionInDays <UInt32>

The number of retention days for the audit logs.



Required? false

Position? named

Default value None

Accept pipeline input? True (ByPropertyName)

Accept wildcard characters? false



-ServerName <String>

SQL server name.



Required? true

Position? 1

Default value None

Accept pipeline input? True (ByPropertyName)

Accept wildcard characters? false



-State <String>

The state of the policy.



Required? true

Position? named

Default value None

Accept pipeline input? True (ByPropertyName)

Accept wildcard characters? false



-StorageAccountName <String>

The name of the storage account. Wildcard characters are not permitted.

This parameter is not required.

If you do not specify this parameter, the cmdlet uses the storage account that was defined previously as part of the auditing policy.

If this is the first time an auditing policy is defined and you do not specify this parameter, the cmdlet fails.



Required? false

Position? named

Default value None

Accept pipeline input? True (ByPropertyName)

Accept wildcard characters? false



-StorageKeyType <String>

Specifies which of the storage access keys to use.



Required? false

Position? named

Default value None

Accept pipeline input? True (ByPropertyName)

Accept wildcard characters? false



-Confirm [<SwitchParameter>]

Prompts you for confirmation before running the cmdlet.



Required? false

Position? named

Default value False

Accept pipeline input? False

Accept wildcard characters? false



-WhatIf [<SwitchParameter>]

Shows what would happen if the cmdlet runs. The cmdlet is not run.



Required? false

Position? named

Default value False

Accept pipeline input? False

Accept wildcard characters? false



<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,

ErrorAction, ErrorVariable, WarningAction, WarningVariable,

OutBuffer, PipelineVariable, and OutVariable. For more information, see

about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).



INPUTS

None

This cmdlet does not accept any input.





OUTPUTS

Microsoft.Azure.Commands.Sql.Security.Model.ServerBlobAuditingSettingsModel







NOTES









Example 1: Enable the auditing policy of an Azure SQL server



PS C:\\>Set-AzureRmSqlServerAuditing -State Enabled -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -StorageAccountName "Storage22"









Example 2: Disable the auditing policy of an Azure SQL server



PS C:\\>Set-AzureRmSqlServerAuditing -State Disabled -ResourceGroupName "ResourceGroup01" -ServerName "Server01"











RELATED LINKS

Online Version: https://docs.microsoft.com/en-us/powers ... erauditing