Azure SQL Auditing to a storage account destination behind a Virtual Network or a Firewall

We are pleased to announce that Auditing for Azure SQL Database and Azure Synapse Analytics supports writing database events to an Azure Storage account behind a virtual network and firewall.

We have been listening to customers around the need to store Azure SQL audit log in a secure location, and we are excited to announce that writing database events via Azure SQL Audit to a Storage Account destination behind VNET and Firewall is now generally available. This newly supported capability is delivered to you seamlessly and doesn’t require additional configurations and setting, keeping Auditing deployment simple and easy.

To save audit logs to a Storage Account that is behind a VNet of Firewall:


  1. Open your Azure SQL Server or Azure SQL Database, and select Auditing under Security:



2. Click on Storage details and select the storage account behind a VNet or Firewall you want to send the SQL logs. When selecting the Storage Account, ensure you see the message:


You have selected a storage account that is behind a firewall or in a virtual network. Using this storage account will enable the setting ‘Allow trusted Microsoft services to access this storage account’ and will create a server managed identity with the ‘storage blob data contributor’ RBAC-role assigned. Click here for more information.





3. Select OK and wait for the confirmation on your Azure notifications.


To learn more, visit Azure SQL Auditing and Write audit to a storage account behind VNet and firewall.

One Reply to “Azure SQL Auditing to a storage account destination behind a Virtual Network or a Firewall”

  1. Is this working for Read Scale Out replica (Auditing to storage account behind firewall) ? We have tried out but it is capturing only events from Primary Replica but not from Read scale out replica .

    Also, how to use this identity using PowerShell command as we need customize the audit actions

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.