Microsoft has always had a strong commitment to provide full transparency for every operation performed during incidents. When customers open support request, Microsoft support engineers may eventually proceed to investigate the databases and those operations must be surfaced to our customers.
We are delighted to announce the general availability of the capability to audit operations performed by Microsoft support engineers when they need to access customer’s SQL assets during a support request. The use of this capability, along with the regular auditing, enables more transparency into customers’ workforce and is sometimes required for compliance with regulatory standards.
How to enable Azure SQL Auditing of Microsoft support operations?
This functionality can be enabled on every Azure SQL Server by turning the feature to ON and configuring the desired destinations or programmatically (API, Azure CLI and PowerShell cmdlet). Customers can also enable Azure SQL Auditing of Microsoft support operations on every Azure SQL Managed Instance by configuring their Audit log and specifying OPERATOR_AUDIT = ON. We are now allowing customers to use a single audit configuration for their SQL audit logs and the Auditing of Microsoft support operations.
How to investigate SQL audit logs of Microsoft support operations?
When Azure SQL Auditing of Microsoft support operations is configured to a storage account destination, customers can access the audit logs in the same way for Azure SQL Auditing or Azure SQL Auditing of Microsoft support operations.
When Azure SQL Auditing of Microsoft support operations is configured to a Log Analytics Workspace or an Event Hub destination, the audit logs will be audited under a new category called "DevOpsOperationsAudit".
For more details on Auditing of Microsoft support operations for Azure SQL Server and Azure SQL Managed Instance, see Auditing for Azure SQL Database and Auditing for Azure SQL Managed Instance documentation.