| Plugin Title | Audit Retention Policy |
| Cloud | AZURE |
| Category | SQL Server |
| Description | Ensures that SQL Server Auditing retention policy is set to greater than 90 days |
| More Info | Enabling SQL Server Auditing ensures that all activities are being logged properly, including potentially-malicious activity. Having a long retention policy ensures that all logs are kept for auditing and legal purposes. |
| AZURE Link | https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing |
| Recommended Action | Ensure that the storage account retention policy for each SQL server is set to greater than 90 days. |
- Log in to the Microsoft Azure Management Console.
- Select the "Search resources, services, and docs" option at the top and search for "SQL servers".
- On the "SQL server" page, select the SQL server that needs to be examined.
- On the selected "SQL server" page, scroll down the left navigation panel and select "Auditing" under "Security".
- On the "Auditing" page, scroll down to "Audit log destination" and click on Advanced properties" under "Storage".
- If the Retention (Days)is set to zero then audit logs are not being retained.
- To ensure that the storage account retention policy for each SQL server is set to greater than 90 days, drag the slider or type 365 in the text box.
- Click on "Save" at the top to make the necessary changes.
- Repeat steps 3-8 to ensure that SQL Server Auditing retention policy is set to greater than 90 days.
