
Azure MySQL flexible server should have Entra Only Authentication enabled [security][Medium]

Open emirgens opened this issue 10 months ago • 0 comments

Disabling local authentication methods and allowing only Azure Active Directory Authentication improves security by ensuring that Azure MySQL flexible server can exclusively be accessed by Azure Active Directory identities.

Affected: Grafana MySQL database

  • [ ] Fix the authentication of the Grafana database

Manual remediation: To enable Azure Active Directory Only Authentication for Azure MySQL flexible server:

  1. In Azure Portal, open your Azure MySQL Flexible Server.
  2. Click on 'Authentication' on the left pane.
  3. In 'Assign access to' under the 'Authentication' section select the 'Azure Active Directory authentication only' option and click 'Save'.
  4. To complete the configuration, once the change is deployed you will need to go to the 'Select identity' section and supply a user assigned managed identity with the permissions User.Read.All, GroupMember.Read.All and Application.Read.All.
  5. Assign an Azure AD admin under the 'Azure Active Directory Administrators (Azure AD Admins)' section and click 'Save'.

emirgens, Apr 18 '24 12:04
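A post-remediation check for the steps in the issue above, as an added example that is not part of the original issue or the radix-platform code. It audits a constructed inventory record, not Azure API output: the field names (`auth_mode`, `user_assigned_identity`, `graph_permissions`, `entra_admins`) and both sample records are assumptions made for illustration.

```python
# Added example: audit a server record against the issue's remediation steps.
# The record layout is hypothetical; map it from whatever inventory export you use.

# Permissions the issue says the user assigned managed identity needs (step 4).
REQUIRED_GRAPH_PERMISSIONS = ("User.Read.All", "GroupMember.Read.All", "Application.Read.All")


def audit_server(record):
    """Return a list of findings; an empty list means the record matches the steps."""
    findings = []
    # Step 3: only directory identities may authenticate.
    if record.get("auth_mode") != "entra_only":
        findings.append("local (MySQL password) authentication is still allowed")
    # Step 4: identity present and holding all three directory read permissions.
    identity = record.get("user_assigned_identity")
    if not identity:
        findings.append("no user assigned managed identity selected")
    else:
        # Compare case-insensitively so 'Application.Read.ALL' is not a false finding.
        granted = {p.casefold() for p in identity.get("graph_permissions", [])}
        for perm in REQUIRED_GRAPH_PERMISSIONS:
            if perm.casefold() not in granted:
                findings.append(f"identity lacks {perm}")
    # Step 5: at least one Azure AD admin assigned.
    if not record.get("entra_admins"):
        findings.append("no Azure AD admin assigned")
    return findings


# Constructed sample: partially remediated server.
GRAFANA_DB_BEFORE = {
    "auth_mode": "mysql_and_entra",
    "user_assigned_identity": {"graph_permissions": ["User.Read.All", "GroupMember.Read.All"]},
    "entra_admins": [],
}

# Constructed sample: all steps applied (permission casing as written in a ticket).
GRAFANA_DB_AFTER = {
    "auth_mode": "entra_only",
    "user_assigned_identity": {
        "graph_permissions": ["User.Read.All", "GroupMember.Read.All", "Application.Read.ALL"]
    },
    "entra_admins": ["placeholder-admin-group"],
}

if __name__ == "__main__":
    for name, rec in (("before", GRAFANA_DB_BEFORE), ("after", GRAFANA_DB_AFTER)):
        print(name, audit_server(rec) or "compliant")
```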