Severity Framework
Snyk CCSS
Rule category
IAM / Usage
Is your enviroment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-Azure
- Snyk ID SNYK-CC-00702
- credit Snyk Research Team
Description
Azure Active Directory authentication for SQL Database uses Azure AD identities, providing an alternative to SQL Server authentication. This helps centralize permission management, reduces proliferation of identities, and eliminates the need to store more passwords.
How to fix?
SQL Server Active Directory Admin should be configured.
Example Configuration
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Sql/servers",
"apiVersion": "2020-02-02-preview",
"name": "allowed702",
"location": "West Europe",
"properties": {
"administratorLogin": "4dm1n157r470r",
"administratorLoginPassword": "4-v3ry-53cr37-p455w0rd",
"version": "12.0"
}
},
{
"type": "Microsoft.Sql/servers/administrators",
"apiVersion": "2020-02-02-preview",
"name": "allowed702/activeDirectory",
"location": "West Europe",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', 'allowed702')]"
],
"properties": {
"administratorType": "ActiveDirectory",
"login": "sqladmin",
"sid": "19f30f3a-1b04-4a63-99d3-fc482217efba",
"tenantId": "[subscription().tenantId]"
}
},
]
}