Security

If you are using Azure SQL Managed Instance and encounter an error like this when restoring a database from an Azure Blob Storage container: Msg 3201, Level 16, State 2, Line 1 Cannot open backup device 'https://{storage-account}.blob.core.windows.net/my-container/mydb/FULL/mydb-backup.bak'. Operating system error 5(Access is denied.). You can try the following steps to fix it: 1. Check the SAS token and generate a new one if needed. The most common cause of this error is that the SAS token used to access the Azure Blob Storage container has expired or is invalid. A SAS token is a shared access signature that grants limited access to a resource in Azure. You can generate a SAS token for your Azure Blob Storage container using the Azure portal, PowerShell, CLI, or SDK. ...

An issue came up this week where some external consultants needed access to remote onto an Azure Windows VM to configure a third-party application. The consultants were given AAD logins and are working from home with dynamic IP addresses. What is the best way to grant them access to RDP onto the VM? The preferred method would be via a private endpoint into the VNet via point-to-site VPN or Bastion, but external consultants can’t be granted access that way. ...

I have set up server auditing for some managed instances in the same virtual cluster to record login success and failed events and write them to blob storage. Downstream, an ADF pipeline reads the events asynchronously and inserts them into a database for further analysis and reporting. Server audit stops writing Recently the server audit stopped writing to blob storage, even though the server audit status was still running and enabled. I have seen failures before where the server audit failed because of an expiring SAS token, but in this case the SAS token has a long expiry date, so know it’s not that. ...