Description:
SQL Server Audit Retention should be configured to be greater than 90 days.
Rationale:
Audit Logs can be used to check for anomalies and give insight into suspected breaches or misuse of information and access.
From Azure Portal
From PowerShell
For each Server, set retention policy to more than 90 days
Log Analytics Example
Set-AzSqlServerAudit -ResourceGroupName <resource group name> -ServerName <SQL Server name> -RetentionInDays <Number of Days to retain the audit logs, should be more than 90 days> -LogAnalyticsTargetState Enabled -WorkspaceResourceId "/subscriptions/<subscription ID>/resourceGroups/insights-integration/providers/Microsoft.OperationalInsights/workspaces/<workspace name>"
Event Hub Example
Set-AzSqlServerAudit -ResourceGroupName "<resource group name>" -ServerName "<SQL Server name>" -EventHubTargetState Enabled -EventHubName "<Event Hub name>" -EventHubAuthorizationRuleResourceId "<Event Hub authorization rule resource ID>"
Blob Storage Example
Set-AzSqlServerAudit -ResourceGroupName "<resource group name>" -ServerName "<SQL Server name>" -BlobStorageTargetState Enabled -StorageAccountResourceId "/subscriptions/<subscription ID>/resourceGroups/<resource group name>/providers/Microsoft.Storage/storageAccounts/<storage account name>"
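
To find the servers that still need the remediation above, the following added example (not part of the original benchmark text) classifies audit settings against the "more than 90 days" rule. The function name Test-SqlAuditRetention and the sample servers are constructed for illustration; treating a retention of 0 as unlimited reflects how Azure SQL auditing interprets that value and is not stated on the page.

```powershell
# Added example: classify audit settings against the "more than 90 days" rule.
function Test-SqlAuditRetention {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object] $Audit,
        [int] $MinimumDays = 90   # retention must be greater than this
    )
    process {
        # Collect the audit destinations that are switched on.
        $targets = @()
        if ("$($Audit.BlobStorageTargetState)"  -eq 'Enabled') { $targets += 'BlobStorage' }
        if ("$($Audit.LogAnalyticsTargetState)" -eq 'Enabled') { $targets += 'LogAnalytics' }
        if ("$($Audit.EventHubTargetState)"     -eq 'Enabled') { $targets += 'EventHub' }

        $days = $Audit.RetentionInDays
        $status = if ($targets.Count -eq 0) { 'AuditingDisabled' }
            elseif ($null -eq $days)        { 'RetentionNotSet' }
            elseif ($days -eq 0)            { 'Unlimited' }   # 0 keeps logs indefinitely
            elseif ($days -gt $MinimumDays) { 'Compliant' }
            else                            { 'TooShort' }    # 90 itself is not enough

        [pscustomobject]@{
            ServerName      = $Audit.ServerName
            Targets         = $targets -join ','
            RetentionInDays = $days
            Status          = $status
        }
    }
}

# Constructed sample objects shaped like Get-AzSqlServerAudit output (offline demo).
$sample = @(
    [pscustomobject]@{ ServerName = 'sql-a'; BlobStorageTargetState = 'Enabled';  LogAnalyticsTargetState = 'Disabled'; EventHubTargetState = 'Disabled'; RetentionInDays = 30 }
    [pscustomobject]@{ ServerName = 'sql-b'; BlobStorageTargetState = 'Enabled';  LogAnalyticsTargetState = 'Enabled';  EventHubTargetState = 'Disabled'; RetentionInDays = 90 }
    [pscustomobject]@{ ServerName = 'sql-c'; BlobStorageTargetState = 'Enabled';  LogAnalyticsTargetState = 'Disabled'; EventHubTargetState = 'Disabled'; RetentionInDays = 365 }
    [pscustomobject]@{ ServerName = 'sql-d'; BlobStorageTargetState = 'Disabled'; LogAnalyticsTargetState = 'Disabled'; EventHubTargetState = 'Disabled'; RetentionInDays = $null }
)
$sample | Test-SqlAuditRetention | Format-Table -AutoSize

# Against a live subscription (requires the Az.Sql module and a signed-in session):
# Get-AzSqlServer | ForEach-Object {
#     Get-AzSqlServerAudit -ResourceGroupName $_.ResourceGroupName -ServerName $_.ServerName
# } | Test-SqlAuditRetention | Where-Object Status -in 'TooShort', 'AuditingDisabled', 'RetentionNotSet'
```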