
Posts

Showing posts from 2019

Access to Azure SQL Database and Azure Key Vault using VM's system managed identity

Read about System managed Identity (SMI):
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-sql
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad

Using SMI with App Service to access Azure SQL databases:
https://azure.microsoft.com/en-us/blog/securing-azure-sql-databases-with-managed-identities-just-got-easier/

<#
VM access configuration:

1. Azure Resources - NOT required if only accessing SQL DBs and not Azure resources
   Navigate to the tab for Resource Groups.
   Select the specific Resource Group you created for your Windows VM.
   Go to Access control (IAM) in the left panel.
   Then Add role assignm

How to Log into Azure SQL with Security Principal

To log into your Azure SQL Database with a security principal, do the following:

1. Create an Azure AD security group.
2. Add this AAD group as Azure Administrator to your Azure SQL server.
3. Obtain an access token.
4. Connect to Azure SQL Server with the access token.

For step #3 use this function:

#
# Based on
# https://blogs.technet.microsoft.com/stefan_stranger/2018/06/06/connect-to-azure-sql-database-by-obtaining-a-token-from-azure-active-directory-aad/
#
Function Get-AADToken {
    [CmdletBinding()]
    [OutputType([string])]
    PARAM (
        [String]$TenantID,
        [string]$ServicePrincipalId,
        [securestring]$ServicePrincipalPwd
    )
    Try {
        # Set Resource URI to Azure Database
        $resourceAppIdURI = 'https://database.windows.net/'
        # Set Authority to Azure AD Tenant
        $authority = 'https://login.windows.net/' + $TenantId
        $ClientCred = [Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential]::new($ServicePrincipalId, $ServicePrincipalPwd)
        $authContext = [Microsoft.IdentityModel.Clients.Act

Azure SQL databases - list login permissions

-- Execute in master and in each user DB: permissions are stored per database,
-- so a single run only shows the grants of the database you are connected to.
SELECT DISTINCT
    @@SERVERNAME AS ServerName,
    DB_NAME() AS DbName,
    pr.principal_id,
    pr.name,
    pr.type_desc,
    pr.authentication_type_desc,   -- NONE / INSTANCE / DATABASE / WINDOWS (AAD users show as EXTERNAL_USER in type_desc)
    pe.state_desc,                 -- GRANT / DENY / GRANT_WITH_GRANT_OPTION / REVOKE
    pe.[permission_name]
FROM sys.database_principals AS pr
JOIN sys.database_permissions AS pe
    ON pe.grantee_principal_id = pr.principal_id;

Azure SQL Database - list the enabled Audit specifications

-- Run inside the database to inspect. is_state_enabled = 1 marks the
-- specifications that are actually active; a specification that exists but is
-- disabled generates no audit records.
SELECT
    @@SERVERNAME AS ServerName,
    DB_NAME() AS DbName,
    DATABASEPROPERTYEX(DB_NAME(), 'Edition') AS Edition,
    DATABASEPROPERTYEX(DB_NAME(), 'MaxSizeInBytes') AS MaxSizeInBytes,
    DATABASEPROPERTYEX(DB_NAME(), 'Updateability') AS Updateability,
    DATABASEPROPERTYEX(DB_NAME(), 'ServiceObjective') AS ServiceObjective,
    A1.name,
    A1.is_state_enabled,
    A1.create_date,
    A1.modify_date,
    A2.audit_action_name
FROM sys.database_audit_specifications AS A1
JOIN sys.database_audit_specification_details AS A2
    ON A1.database_specification_id = A2.database_specification_id;