Skip to content

Exposed Source

Service Name: Azure SQL Database

Service Description: Azure SQL Database is a fully managed platform as a service (PaaS) database engine that handles most database management functions such as upgrading, patching, backups, and monitoring without user involvement.

Service Address: https://azure.microsoft.com/en-us/products/azure-sql/database

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants access to Azure SQL databases when combined with proper authentication credentials.

Secret Revokement URL: https://learn.microsoft.com/en-us/azure/azure-sql/database/security-overview

Secret Example: mycompanydb.database.windows.net

Suspicious Activity Investigation Instructions:

  • Review Azure SQL audit logs for unusual query patterns or data access
  • Check Azure Activity logs for unauthorized connection attempts
  • Monitor for unusual data export operations or schema changes
  • Verify IP addresses accessing the database against expected sources
  • Look for privilege escalation attempts in database user roles

Mitigation Instructions:

  • Rotate any credentials that may have been exposed with the connection string
  • Update firewall rules to restrict access to known IP addresses only
  • Enable Azure Defender for SQL to detect potential threats
  • Implement Azure Active Directory authentication instead of SQL authentication
  • Review and minimize permissions for all database users and roles
  • Enable Transparent Data Encryption (TDE) if not already enabled
  • Consider implementing Always Encrypted for sensitive data columns