Active Directory Administrator is not configured for SQL server
ID |
azure_ad_admin_sql_server |
Severity |
low |
Vendor |
Azure |
Resource |
IAM |
Tags |
reachable |
Description
Active Directory Administrator is not configured for SQL server. This is an insecure configuration. You must use the property ad_user.
Learn more about this topic at Azure AD user SQL Server and Azure AD admin with a server in SQL Database
Examples
---
- name: Example playbook
hosts: localhost
tasks:
- name: Create SQL Server with Azure Active Directory admin
azure_rm_sqlserver:
resource_group: myResourceGroup
name: server_name
location: westus
admin_username: mylogin
admin_password: Testpasswordxyz12!
administrators:
principal_type: Group
login: MySqlAdminGroup
sid: "{{ MySqlAdminGroup.object_id }}"
tenant_id: "{{ my_tenant_id }}"
azure_ad_only_authentication: falseyml
Mitigation / Fix
---
- name: Example playbook
hosts: localhost
tasks:
- name: Create SQL Server with Azure Active Directory admin
azure_rm_sqlserver:
resource_group: myResourceGroup
name: server_name
location: westus
ad_user: adusername
admin_username: mylogin
admin_password: Testpasswordxyz12!
administrators:
principal_type: Group
login: MySqlAdminGroup
sid: "{{ MySqlAdminGroup.object_id }}"
tenant_id: "{{ my_tenant_id }}"
azure_ad_only_authentication: falseyml