Auditing Microsoft support operations

Applies to: Azure SQL Database Azure Synapse Analytics

Auditing of Microsoft support operations for your logical server in Azure SQL Database allows you to audit Microsoft support engineers' operations when they need to access your server during a support request. The use of this capability, along with your auditing, enables more transparency into your workforce and allows for anomaly detection, trend visualization, and data loss prevention.

Auditing of Microsoft support operations includes the following set of action groups, which audit all queries executed against the database, as well as successful and failed logins by Microsoft support engineers:

  • BATCH_COMPLETED_GROUP
  • SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
  • FAILED_DATABASE_AUTHENTICATION_GROUP

Enable auditing

To enable auditing of Microsoft support operations, Go to the Azure portal.Navigate to Auditing under the Security heading in your Azure SQL server pane, and switch Enable Auditing of Microsoft support operations to ON.

Screenshot of Microsoft support operations in the Azure portal.

To review the audit logs of Microsoft support operations in your Log Analytics workspace, use the following query:

AzureDiagnostics
| where Category == "DevOpsOperationsAudit"

You have the option of choosing a different storage destination for this auditing log, or use the same auditing configuration for your server.

Screenshot of Auditing configuration for auditing Microsoft support operations.

See also