Activity log alert should exist for Create or Update SQL Server Firewall Rule
HIGH
Ensures an activity log alert is configured to detect creation or modification of SQL Server firewall rules.
What does this mean?
This recommendation ensures that Azure Activity Log alerts are configured to trigger when SQL Server firewall rules are created or updated. Changes to firewall rules can expose databases to unauthorized networks.
Benefits of implementation
- Immediate notification of firewall rule changes
- Enables rapid response to unauthorized network access changes
- Supports change management and audit requirements
Drawbacks and considerations
- Generates alerts for both legitimate and suspicious changes
- Requires alert routing and response procedures
- May produce alert fatigue in environments with frequent changes
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level
- HIGH
- Category
- Logging & Monitoring
- Azure Resource
- Frameworks
- 1 frameworks
- Last updated
- 2026-02-12