Rule ID
SV-276253r1150067_rule
Version
V1R1
CCIs
Auditing for Azure SQL Managed Instance tracks database events and writes them to an audit log in the Azure storage account, Log Analytics workspace, or Event Hubs. Under normal conditions, the audit space allocated by an Azure Storage account can grow quite large. Since a requirement exists to halt processing upon audit failure, a service outage would result.
Azure SQL Managed Instance must provide notice upon audit storage reaching capacity. Verify if an Azure Rule exists with the following command example: $storageAcct = Get-AzStorageAccount -ResourceGroupName 'Name of RG for Audit Storage' -Name 'Audit Storage Account Name' $metric = Get-AzMetricAlertRuleV2 | Where-Object TargetResourceId -eq $storageAcct.Id $metric.Criteria If no alert exists, this is a finding. If the criteria does not match 75 percent or less than the maximum capacity of 5TB, this is a finding.
Utilize Alerts in Microsoft Azure Monitoring and/or third-party tools to configure the system to notify appropriate support staff immediately upon storage volume utilization reaching 75 percent. Refer to: https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-overview