AD admin not configured for SQL server
Id: b176e927-bbe2-44a6-a9c3-041417137e5f
Cloud Provider: Azure
Platform: Ansible
Severity: Medium
Category: Insecure Configurations
Description
SQL servers should have an Active Directory administrator configured to enforce centralized identity, stronger authentication, and auditable access controls. Relying solely on SQL authentication increases the attack surface and makes access management and auditing more difficult. For Ansible, tasks using the azure.azcollection.azure_rm_sqlserver or azure_rm_sqlserver module must define the ad_user property and set it to a valid Azure AD principal (for example, a user UPN or objectId). Resources missing ad_user or with it empty or undefined are flagged.
Secure example:
- name: Create Azure SQL Server with AD admin
  azure.azcollection.azure_rm_sqlserver:
    name: my-sql-server
    resource_group: my-rg
    location: eastus
    ad_user: "adminuser@contoso.com"
    admin_password: "secure-password"
Compliant Code Examples
- name: Create (or update) SQL Server
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name
    location: westus
    admin_username: mylogin
    admin_password: Testpasswordxyz12!
    ad_user: sqladmin
Non-Compliant Code Examples
---
- name: Create (or update) SQL Server
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name
    location: westus
    admin_username: mylogin
    admin_password: Testpasswordxyz12!
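
A static check in the spirit of this rule, added here as an example (it is not Datadog's rule implementation or code from this page): it walks parsed playbook data, the structure `yaml.safe_load` would return, and reports SQL server tasks whose `ad_user` is missing, null or blank. It goes slightly beyond the page's examples by also descending into `block`/`rescue`/`always` sections; the function names, constants and sample playbook are assumptions constructed for illustration.

```python
# Added example: approximates the rule described on this page (names are hypothetical).
SQLSERVER_MODULES = {"azure_rm_sqlserver", "azure.azcollection.azure_rm_sqlserver"}
TASK_LISTS = ("tasks", "pre_tasks", "post_tasks", "handlers")  # play-level keys
NESTED = ("block", "rescue", "always")                         # block-level keys


def iter_tasks(items):
    """Yield every task dict, descending into plays and block/rescue/always."""
    for item in items or []:
        if not isinstance(item, dict):
            continue
        children = [k for k in TASK_LISTS + NESTED if isinstance(item.get(k), list)]
        if children:
            for key in children:
                yield from iter_tasks(item[key])
        else:
            yield item


def missing_ad_admin(parsed):
    """Return names of SQL server tasks whose ad_user is absent, null or blank."""
    findings = []
    for task in iter_tasks(parsed):
        for module in SQLSERVER_MODULES & task.keys():
            args = task[module] if isinstance(task[module], dict) else {}
            ad_user = args.get("ad_user")
            if ad_user is None or not str(ad_user).strip():
                findings.append(task.get("name", "<unnamed task>"))
    return findings


# Constructed sample: the parsed form of a playbook (what yaml.safe_load returns).
SAMPLE_PLAYBOOK = [{
    "hosts": "localhost",
    "tasks": [
        {"name": "compliant", "azure_rm_sqlserver": {
            "resource_group": "myResourceGroup", "name": "server_name",
            "location": "westus", "ad_user": "sqladmin"}},
        {"name": "no ad_user", "azure_rm_sqlserver": {
            "resource_group": "myResourceGroup", "name": "server_name",
            "location": "westus", "admin_username": "mylogin"}},
        {"name": "wrapper", "block": [
            {"name": "empty ad_user", "azure.azcollection.azure_rm_sqlserver": {
                "name": "my-sql-server", "resource_group": "my-rg", "ad_user": ""}}]},
    ],
}]

if __name__ == "__main__":
    for name in missing_ad_admin(SAMPLE_PLAYBOOK):
        print(f"AD admin not configured: {name}")
```

A templated value such as `"{{ sql_ad_admin }}"` passes this check because it cannot be resolved statically, so the variable's definition still needs review.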