Page History

...

1. SQL Compliance Manager 7.0 installed on a machine.
2. Azure SQL Managed instance .
3. Blob storage account with container and SAS token for access. For the blob storage make sure that:
1. Default access tier is "Hot".
2. It's best practice for the Storage Account to be located in the same region where the monitoring SQL instance will be (e.g. North Europe).
3. Ensure the "Enable storage account key access" setting is checked. The option is available during creation, or under the "Configuration" blade afterward.
4. Make sure that the storage account is accessible from the SQL-managed instance.
5. When generating a Shared Access Signature, make sure its expiry is sufficient in the future. Upon expiry, the SAS token would have to must be updated from the SQL Server itself.

...

1. Azure blob storage credentials need to be added to the managed instance to allow it to save audit files to the blob storage. 
1. Connect to your managed instance via SQL Management Studio or any other supported tool.
2. Execute the following T-SQL statement to create a new credential using the container URL and SAS token:
   

   CREATE CREDENTIAL [<container_url>]
   WITH IDENTITY='SHARED ACCESS SIGNATURE',
   SECRET = '<SAS KEY>'
   GO

2. Start the SQLCM console, go to the Explore Activity tab, and right-click on Audited SQL Servers to add a New Registered SQL Server.
   Image Added
   
3. From the Server Type menu select Azure SQL Managed Instance. In the SQL Server field enter the URL of the managed instance followed by the port.
   Image Added
   
4. Click on the Next button and choose the type of authentication against the Managed Instance and enter the user credentials for Azure SQL.
   Image Added
   
5. Click next and specify the blob connection details. For Blob Name, you can enter the container's name of the container.
   Image Added
   
6. You can use the test Connection button to verify that SQLCM can successfully connect to the blob storage.
   Image Added
   
7. Click the Next button and on the next screen enter the host where you want to deploy the SQL CM agent for this managed instance. For deploying on the machine where you have the SQL CM console installed you can specify the hostname and for remote deployment please enter the remote machine’s IP address.
   Image Added
   
8. Click the Next button and choose the deployment option.
   Image Added
   
9. Click the Next button and provide the credentials for the service account that should be running the SQL CM agent for the particular managed instance.
   Image Added
   
10. Click the Next button and specify the trace directory where the agent should place the audit files.
    Image Added
    
11. Click the Next button to initiate the deployment of the agent.
    Image Added
    
12. Once deployment of the agent completes you will be presented with the list of the databases which exist on the server to choose which ones you may want to audit.
    Image Added
    
13. Select the databases for auditing and click the Next button to specify the Audit Collection Level.
    Image Added
    
14. Click on the Next button and the permissions check will run.
    Image Added
    
15. Click the Next button to see a summary of the settings for the newly added Azure SQL Managed Instance.
    Image Added
    
16. Click the Finish button to complete the process. Once completed you should see the new Managed Instance listed in the Audited SQL Servers list in the Explore Activity tab.
    Image Added
    

...