It’s been observed that Users while configuring any management service feature like Vulnerability Assessment , Auditing , Threat protection etc. for their Azure SQL DB/Server seldom fails with an error message { “:\”PrinicipalNotFound\”,\”message\”:\”Principal ***** does not exist in the directory ****. \”} with HTTPS status code 400 (bad request)
This error states , There is no Azure AD Identity assigned for your Azure SQL Server . To solve the problem you may need to create an Azure AD identity and assign the identity to the Azure SQL logical server with below steps.
- Open a new cloud shell window from the top right side of azure portal or you may use PowerShell to connect with your Azure subscription.
- Paste the below PowerShell code and execute it , it will create a function(Assign-AzSQLidentity) for the current PowerShell session.
Function Assign-AzSQLidentity { Param ( [parameter(Mandatory=$true)][string]$ResourceGroup, [parameter(Mandatory=$true)][string]$ServerName ) "Checking if server identity exists..." if(Get-AzADServicePrincipal -DisplayName $ServerName) { "Server identity already exists" Get-AzADServicePrincipal -DisplayName $ServerName } else { "Server identify for server " + $ServerName + " does not exist" "Assigning identity to server " + $ServerName Set-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName -AssignIdentity } } - Use the function and execute it on Command Window , you need to Provide the parameters Resource Group and SQL Server name when prompts.
Assign-AzSQLidentity -
Once the Identity is assigned , Please retry the management operation (Setting Auditing /VA etc..) , it should work now.
I hope this helps , Please let me know if you have any feedback or queries on it on the comment section .
Thank you @Yochanan Rachamim for guidance.
