SQL Server auditing - authentication via User-assigned Managed Identity to storage behind Private Endpoint
Auditing limitation section (https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview?view=azuresql#auditing-limitations) says:
"User managed identity authentication type for enabling auditing to storage behind firewall is not currently supported."
What about a storage account behind a Private Endpoint with public access disabled? I was expecting it to not work as per the above statement.
But I have a SQL Server with both System and User managed identities. When configuring SQL Server auditing using the Azure Portal, I noticed it assigned the Storage Blob Data Contributor role to the User-assigned Managed Identity. After looking at my storage account, I can confirm audit logs are being written correctly.
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
- ID: f78b9024-9b93-51d0-2c37-de829bd43423
- Version Independent ID: d0c40630-1219-eed1-67be-f22365aa7f00
- Content: Azure SQL Auditing for Azure SQL Database and Azure Synapse Analytics - Azure SQL Database
- Content Source: azure-sql/database/auditing-overview.md
- Service: sql-database
- Sub-service: security
- GitHub Login: @sravanisaluru
- Microsoft Alias: srsaluru