azure-sdk-for-net icon indicating copy to clipboard operation
azure-sdk-for-net copied to clipboard

Published 20 hours ago verified publisher icon Azure

[FEATURE REQ] SqlDatabaseResource.ExportAsync() / DatabaseExportDefinition to allow Managed Identity

Open johnburgato opened this issue 2 months ago • 3 comments

Library name

Azure.ResourceManager.Sql

Please describe the feature.

Currently, the DatabaseExportDefinition class constructor will only accept an Azure Storage access key and SQL Server username and password.

Two of the recommendations from Microsoft Defender for Cloud are: "Storage accounts should prevent shared key access" and "Azure SQL Database should have Azure Active Directory Only Authentication enabled". Both of these are considered "critical" recommendations.

We have a WebJob that triggers a database export each night, which I don't think is an un-common scenario. With the export functionality as it is, we could not possibly achieve the two recommendations of Microsoft Defender for Cloud. This seems especially important on the destination storage account, because it contains customer data in .bacpac files not protected in any other way.

johnburgato avatar Jun 27 '24 13:06 johnburgato