Policy: Azure > SQL > Server > Auditing > Storage Account

Define the storage account for server audit logs.

The storage account name or primary blob endpoint is required.

Premium storage and hierarchical namespace for Azure Data Lake Storage Gen2 storage account is currently not supported.

any of these examples are valid: teststorageaccount https://teststorageaccount.blob.core.windows.net/ https://teststorageaccount.blob.core.usgovcloudapi.net/ https://teststorageaccount.blob.core.chinacloudapi.cn/ Note: To avoid cross-region reads/writes of audit records, Azure highly recommends to use storage and server located in the same region.

Resource Types

This policy targets the following resource types:

Azure > SQL > Server

Primary Policy

This policy is used with the following primary policy:

Azure > SQL > Server > Auditing

Controls

Azure > SQL > Server > Auditing

Policy Packs

This policy setting is used by the following policy packs:

Azure CIS v2.0.0 - Section 4 - Database Services

Policy Specification

Schema Type	`string`
Examples [YAML]	https://sqlva5njk5n7qwh4my.blob.core.windows.net/

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/resourceLogging

Policy Type URI

tmod:@turbot/azure-sql#/policy/types/serverAuditingStorageAccount

GraphQL

query policyType(id: "tmod:@turbot/azure-sql#/policy/types/serverAuditingStorageAccount") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-sql#/policy/types/serverAuditingStorageAccount'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-sql#/policy/types/serverAuditingStorageAccount'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-sql#/policy/types/serverAuditingStorageAccount"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-sql#/policy/types/serverAuditingStorageAccount"