Azure SQL Auditing to a storage account destination behind a Virtual Network or a Firewall

We are pleased to announce that Auditing for Database and Azure Synapse Analytics supports writing database events to an Azure account behind a virtual and .

We have been listening to customers around the need to store audit log in a secure location, and we are excited to announce that writing database events via Audit to a Account destination behind VNET and is now generally available. This newly supported capability is delivered to you seamlessly and doesn't require additional configurations and setting, keeping Auditing deployment simple and easy.

To save audit logs to a Storage Account that is behind a VNet of :

  1. Open your Azure SQL Server or Azure SQL Database, and select Auditing under Security:


2. Click on Storage details and select the storage account behind a VNet or Firewall you want to send the SQL logs. When selecting the Storage Account, ensure you see the message:

You have selected a storage account that is behind a firewall or in a virtual Using this storage account will enable the setting ‘Allow trusted Microsoft services to access this storage account' and will create a server managed identity with the ‘storage blob data contributor' RBAC-role assigned. Click here for more information.


3. Select OK and wait for the confirmation on your Azure notifications.

To learn more, visit Azure SQL Auditing and Write audit to a storage account behind VNet and firewall.


This article was originally published by Microsoft's Secure Blog. You can find the original article here.