SQL Compliance Manager has a refined architecture that permits registering Azure Managed Instances. In this process, the CM Agent communicates with the SQL Instance and, using T-SQL, instructs it to emit the desired audit records into an Azure Blob Container.

Important notes on Azure MI auditing
  • Do not deploy more CM AzureSQL Agents to a CM Agent virtual machine than the virtual machine has cores.

  • For a large number of monitored Azure Managed Instances, multiple CM Agent virtual machines will be required.

Prerequisites

  1. SQL Compliance Manager 7.0 installed on a machine.
  2. Azure SQL Managed Instance.
  3. Blob storage account with container and SAS token for access. For the blob storage make sure that:
    1. Default access tier is "Hot".
    2. It's best practice for the Storage Account to be located in the same region where the monitoring SQL instance will be (e.g. North Europe).
    3. Ensure the "Enable storage account key access" setting is checked. The option is available during creation, or under the "Configuration" blade afterward.
    4. Make sure that the storage account is accessible from the SQL Managed Instance.
    5. When generating a Shared Access Signature, make sure its expiry is sufficiently far in the future. Upon expiry, the SAS token must be updated from the SQL Server itself.
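
The SAS expiry requirement above can be checked before the token is handed to the SQL instance. The following is an added example, not part of SQL Compliance Manager: it reads the standard `st`/`se`/`sig` fields of a SAS query string and reports tokens that are expired, not yet valid, or close to expiry. The function name, the 30-day threshold and the sample tokens are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

def _parse_utc(value):
    """Parse the ISO 8601 UTC forms used in st/se (date only, or date and time with Z)."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def check_sas(token, now, min_days_left=30):
    """Return a list of findings for a SAS token; an empty list means no issue found."""
    findings = []
    if token.startswith("?"):
        # The portal shows the token with a leading '?'; a SQL Server
        # credential secret takes the token without it.
        findings.append("leading '?' present; strip it before storing the token")
        token = token[1:]
    fields = {k: v[0] for k, v in parse_qs(token).items()}
    if "sig" not in fields:
        findings.append("no sig field; this is not a complete SAS token")
    if "se" not in fields:
        findings.append("no se (expiry) field; cannot tell when access ends")
        return findings
    expiry = _parse_utc(fields["se"])
    if expiry <= now:
        findings.append(f"expired on {expiry:%Y-%m-%d}; audit writes to the container will fail")
    elif expiry - now < timedelta(days=min_days_left):
        findings.append(f"expires in {(expiry - now).days} days; schedule a token update")
    if "st" in fields and _parse_utc(fields["st"]) > now:
        findings.append("start time (st) is in the future; token is not valid yet")
    return findings

# Constructed sample values (not real tokens); the signature is a placeholder.
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE_OK = "sv=2022-11-02&sr=c&sp=rwl&st=2024-12-01T00:00:00Z&se=2026-01-01T00:00:00Z&sig=PLACEHOLDER"
SAMPLE_SOON = "?sv=2022-11-02&sr=c&sp=rwl&se=2025-01-10T00:00:00Z&sig=PLACEHOLDER"
SAMPLE_EXPIRED = "sv=2022-11-02&sr=c&sp=rwl&se=2024-12-31&sig=PLACEHOLDER"

if __name__ == "__main__":
    for name, tok in [("ok", SAMPLE_OK), ("soon", SAMPLE_SOON), ("expired", SAMPLE_EXPIRED)]:
        print(name, check_sas(tok, SAMPLE_NOW) or "no findings")
```

Run on a schedule with `now=datetime.now(timezone.utc)`, this gives warning before the token lapses and has to be replaced on the SQL Server.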

...