It’s been observed that Users while configuring any management service feature like Vulnerability Assessment , Auditing , Threat protection etc. for their Azure SQL DB/Server seldom fails with an error message { “:\”PrinicipalNotFound\”,\”message\”:\”Principal ***** does not exist in the directory ****. \”} with HTTPS status code 400 (bad request)
This error states , There is no Azure AD Identity assigned for your Azure SQL Server or
when the portal/Powershell try to use the Application ID instead of the Object ID in role assignment. To solve the problem you may need to create an Azure AD identity and assign the identity to the Azure SQL logical server with below steps.
- Open a new cloud shell window from the top right side of azure portal or you may use PowerShell to connect with your Azure subscription.
- Paste the below PowerShell code and execute it , it will create a function(Assign-AzSQLidentity) for the current PowerShell session.
Function Assign-AzSQLidentity { Param ( [parameter(Mandatory=$true)][string]$ResourceGroup, [parameter(Mandatory=$true)][string]$ServerName ) "Checking if server identity exists..." if(Get-AzADServicePrincipal -DisplayName $ServerName) { "Server identity already exist ,Ensuring Again" Set-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName -AssignIdentity Get-AzADServicePrincipal -DisplayName $ServerName } else { "Server identify for server " + $ServerName + " does not exist" "Assigning identity to server " + $ServerName Set-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName -AssignIdentity } } - Use the function and execute it on Command Window , you need to Provide the parameters Resource Group and SQL Server name when prompts.
Assign-AzSQLidentity -
Once the Identity is assigned , Please retry the management operation (Setting Auditing /VA etc..) , it should work now.
I hope this helps , Please let me know if you have any feedback or queries on it on the comment section .
Thank you @Yochanan Rachamim for guidance.
