Azure SQL Database must map the PKI-authenticated identity to an associated user account.
An XCCDF Rule
Description
<VulnDiscussion>The DOD standard for authentication is DOD-approved PKI certificates. Once a PKI certificate has been validated, it must be mapped to an Azure SQL Database user account for the authenticated identity to be meaningful to Azure SQL Database and useful for authorization decisions.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-255336r879614_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
To set the Azure Active Directory Administrator, use the following PowerShell command:
$LogicalServerName = "myServer"
Set-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName "myResourceGroup" -ServerName $LogicalServerName -DisplayName "myAADIdentify"
Azure Active Directory Authentication can be enabled using either PowerShell or the Azure CLI.