Description:
SQL Server Audit Retention should be configured to be greater than 90 days.
Rationale:
Audit Logs can be used to check for anomalies and give insight into suspected breaches or misuse of information and access.
From Azure Portal
From Powershell
For each Server, set retention policy for more than or equal to 90 days
Log Analytics Example
Set-AzSqlServerAudit -ResourceGroupName -ServerName -RetentionInDays <Number of Days to retain the audit logs, should be 90days minimum> -LogAnalyticsTargetState Enabled -WorkspaceResourceId "/subscriptions//resourceGroups/insights-integration/providers/Microsoft.OperationalInsights/workspaces/
Event Hub Example
Set-AzSqlServerAudit -ResourceGroupName "" -ServerName "" -EventHubTargetState Enabled -EventHubName
"" -EventHubAuthorizationRuleResourceId ""
Blob Storage Example*
Set-AzSqlServerAudit -ResourceGroupName "" -ServerName "" -BlobStorageTargetState Enabled
-StorageAccountResourceId "/subscriptions//resourceGroups//providers/Microsoft.Stora
ge/storageAccounts/"