SQL Servers

Azure Active Directory Admin Disabled

Risk Level: MEDIUM

Description: 

This plugin checks that all SQL servers have an Active Directory admin enabled. Enabling an Active Directory admin lets users manage account admins in a central location, so key rotation and permission management for all servers and databases can be handled in one place.

PingSafe strongly recommends ensuring Azure Active Directory admin is enabled on all SQL servers.

About the Service :

Azure SQL is a set of managed, secure, and intelligent SQL Server database solutions that run in the Azure cloud. Because Azure SQL is based on the well-known SQL Server engine, applications can be easily transferred while keeping the existing tools, languages, and resources.

Impact : 

Azure Active Directory (AAD) authentication is a mechanism that allows you to log in to Microsoft Azure SQL databases and SQL data warehouses using Active Directory identities. With AAD authentication, identity management for database users and other Microsoft services can be done in one place.

Steps to Reproduce :

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s All Resources.
  3. In the Type filter select the value as SQL Servers and click Apply.
  4. Next, select the SQL Server that you want to examine.
  5. Click on Overview in the navigation pane.
  6. Check whether the Active Directory Admin is enabled or not. 
  7. If it shows Not Configured, then Active Directory admin is not enabled.
  8. Repeat the same steps for other servers as well.
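
The same check can be scripted across every SQL server in a subscription instead of repeating the portal steps. This is an added example, not PingSafe's plugin code; it assumes the Azure CLI (`az`) is installed and logged in, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: flag Azure SQL servers with no Azure AD admin configured.
# Assumes Azure CLI ("az") is installed and already logged in ("az login").
# Function names are hypothetical, chosen for this example.

# Print "<resource-group><TAB><server-name>" for each SQL server in the
# current subscription.
list_sql_servers() {
  az sql server list --query '[].[resourceGroup, name]' --output tsv
}

# Print how many Azure AD admins are set on one server ($1 = group, $2 = server).
ad_admin_count() {
  az sql server ad-admin list --resource-group "$1" --server-name "$2" \
    --query 'length(@)' --output tsv
}

# Print PASS/FAIL per server. Returns 0 if every server has an AD admin,
# 1 if any server lacks one or could not be queried, 2 if listing failed.
audit_sql_ad_admin() {
  audit_tab=$(printf '\t')
  audit_failed=0
  audit_servers=$(list_sql_servers) || return 2
  while IFS="$audit_tab" read -r audit_rg audit_name; do
    [ -n "$audit_name" ] || continue          # skip blank lines
    if ! audit_count=$(ad_admin_count "$audit_rg" "$audit_name"); then
      echo "ERROR $audit_rg/$audit_name: could not read AD admin setting"
      audit_failed=1
    elif [ "${audit_count:-0}" -eq 0 ]; then
      echo "FAIL $audit_rg/$audit_name: Active Directory admin not configured"
      audit_failed=1
    else
      echo "PASS $audit_rg/$audit_name"
    fi
  done <<EOF
$audit_servers
EOF
  return "$audit_failed"
}
```

Source the file and call `audit_sql_ad_admin`; the non-zero return code makes it usable as a gate in a scheduled job or pipeline.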

Steps for Remediation :

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s All Resources.
  3. In the Type filter select the value as SQL Servers and click Apply.
  4. Next, select the SQL Server that you want to examine.
  5. Click on Overview in the navigation pane.
  6. Check whether the Active Directory Admin is enabled or not.
  7. If the Active Directory admin is not enabled, then click on Set admin in Azure Active Directory under Settings.
  8. Add admin and click on Save.
  9. Repeat the same steps for other servers as well.

References :

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support