Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Obtain BLOB storage URL and SAS key.
  2. Azure blob storage credentials obtained from Step 1 need to be added to the managed instance to allow it to save audit files to the blob storage. 
    1. Connect to your managed instance via SQL Management Studio or any other supported tool.
    2. Execute the following T-SQL statement to create a new credential using the container URL and SAS token:
      CREATE CREDENTIAL [<container_url>]
      WITH IDENTITY='SHARED ACCESS SIGNATURE',
      SECRET = '<SAS KEY>'
      GO
  3. Start the SQLCM console, go to the Explore Activity tab, and right-click on Audited SQL Servers to add a New Registered SQL Server.



  4. From the Server Type menu select Azure SQL Managed Instance. In the SQL Server field enter the URL of the managed instance followed by the port.



  5. Click on the Next button and choose the type of authentication against the Managed Instance and enter the user credentials for Azure SQL.



  6. Click next and specify the blob connection details. For Blob Name, you can enter the container's name.



  7. You can use the Test Connection button to verify that SQLCM can successfully connect to the blob storage.



  8. Click the Next button and on the next screen enter the host where you want to deploy the SQL CM agent for this managed instance. For deploying on the machine where you have the SQL CM console installed you can specify the hostname and for remote deployment please enter the remote machine’s IP address.



  9. Click the Next button and choose the deployment option.



  10. Click the Next button and provide the credentials for the service account that should be running the SQL CM agent for the particular managed instance.



  11. Click the Next button and specify the trace directory where the agent should place the audit files.



  12. Click the Next button to initiate the deployment of the agent.



  13. Once deployment of the agent completes you will be presented with the list of the databases which exist on the server to choose which ones you may want to audit.



  14. Select the databases for auditing and click the Next button to specify the Audit Collection Level.



  15. Click on the Next button and the permissions check will run.



  16. Click the Next button for a summary of the settings for the newly added Azure SQL Managed Instance.



  17. Click the Finish button to complete the process. Once completed you should see the new Managed Instance listed in the Audited SQL Servers list in the Explore Activity tab.


...