Who logged into my #Azure SQL Database?

3 Replies

Ever try to figure out how to track who logged into your Azure SQL database? You checked all the usual ways you might handle that with a SQL Server database, but one-by-one find out they just don’t work. Here’s one way to do it.

To track who is logging into your Azure SQL database, enable auditing (here’s how to do that) with audit entries directed to an Azure storage blob. There are two ways to do this: at the database server level and at the individual database level. Either is fine, but for the example that follows, auditing is assumed to be at the db server level. The example query can be adjusted to work with auditing at the database level, but one of the two auditing options is definitely required to be on!

Run this query to find out all the principals (users) who have logged in so far today into your Azure SQL database.


Turn on Audit Logging to Blob for your Azure SQL Database. Then you can query who has logged in.
The example below assumes DB Server-level audit logging. Details will vary slightly for Database-level audit logging.
The example below shows who logged in so far today.
Change "-0" to "-1" to look at yesterday (from a UTC perspective, not your local timezone).
Change "-0" to "-100" to look at 100 days ago.
SELECT FORMATMESSAGE('%s (%s)', CAST(DATEADD(day, 0, CONVERT(date, SYSUTCDATETIME())) as varchar),
DATENAME(WEEKDAY, DATEADD(day, 0, SYSUTCDATETIME()))),
server_principal_name,
COUNT(server_principal_name) as 'Logins'
FROM sys.fn_get_audit_file(FORMATMESSAGE('https://<MYBLOB&gt;.blob.core.windows.net/sqldbauditlogs/<MYDBSERVER>/<MYDB>/SqlDbAuditing_ServerAudit/%s/'
CAST(DATEADD(day, 0, CONVERT(date, SYSUTCDATETIME())) as varchar)),default, default)
WHERE (event_time >= CAST(CONVERT(date, SYSUTCDATETIME()) as datetime2))AND (action_id = 'DBAS')
GROUP BY server_principal_name
HAVING COUNT(server_principal_name) > 0

view raw

check-azure-sql-db-logins.sql

hosted with ❤ by GitHub

The output is something like the following, assuming if I’ve logged in 12 times so far today with my AAD account (bill@example.com) and 1 time with a database-specific credential (myadmin):

09-Nov-2019 (Saturday) codingoutloud@example.com 12

09-Nov-2019 (Saturday) myadmin 1

The query might take a while time to run, depending on how much data you are traversing. In one of my test environments, it takes nearly 20 minutes. I am sure it is sensitive the amount of data you are logging, database activity, and maybe settings on your blob (not sure if premium storage is supported, but I’m not using it and didn’t test with it).

Note: There are other ways to accomplish this, but every way I know of requires use of Azure SQL auditing. In this post we pushed them to blobs, but other destinations are available. For example, you could send to Event Hubs for a more on-the-fly tracker.

Advertisement

Talk: Running Azure Securely — PART I — Boston Azure 18-Oct-2018

Leave a reply

At most recent Boston Azure meeting I give (what turns out to be…) the first part of a multi-part talk on Running Azure Securely. Even though I did not cover all this content, I’ve attached the whole powerpoint deck below.

BostonAzure-RunningAzureSecurely-BillWilder-2018-Oct-18

Please watch for a Part II to be scheduled.

Talk: Running Securely On Azure

1 Reply

On Tuesday evening 27-Mar-2018 I had the pleasure of speaking to the Nashville Azure group about keeping workloads safe in the Azure cloud. Was a great group with a lot of interesting questions and dialog. They even helped to answer each others’ questions when I didn’t have answers, which is the best outcome of all.

For those interested in the deck I used, please find it below.

NashvilleAzure-RunningAzureSecurely-BillWilder-2018-Mar-27-Published

Talk: SQL Saturday 694 – Azure SQL Database – not just a cloud version of SQL Server

1 Reply

Spoke today to a small crowd of hardy soles who braved the snow to make it to SQL Saturday 694 – Providence – held at nearby Bryant University in Smithfield.

My slides are included below.

Azure SQL DB – Not Just A Cloud Version of SQL Server – SQL Saturday RI – 09-Dec-2017

Talk: SharePoint Saturday Burlington – Gentle Introduction to Azure

1 Reply

We first looked at how we might solve a random StackOverflow question using Azure Logic Apps, Azure Function Apps, the nifty PhantomJsCloud.com service, and a look at how a little Cognitive Service action could be woven in. A random walk around other Azure features followed. Some reactions were memorable – my favorite, because I completely agree: Why would I ever want to run my own SharePoint instance when the Office 365 service is available? And a bunch of other good questions.

Slides:

Talk: SQL Saturday Boston – Azure SQL DB, not just a hosted version of SQL Server

1 Reply

This past weekend I participated in SQL Saturday BI Boston in Burlington, MA. I spoke about Azure SQL Database, explaining why Azure SQL Database is much more than just a hosted version of SQL Server. The slides I presented are here:

If you are local, you may be interested in learning more about Azure by checking out @bostonazure and bostonazure.org. You can find me on twitter here: @codingoutloud.

Talk: A Gentle Intro to Serverless Azure

1 Reply

Tonight I spoke at the North Boston Azure group and covering serverless concepts by looking at Logic Apps, Function Apps, and a couple of powerful/easy features of Web Apps (authentication via AAD/Twitter & CD via Github).

Before I posted the slides (see below), I needed to clean up the 1000+ emails I spammed myself with from my Logic App demo. (Doh!)

spammed-myself-with-more-than-1000-emails-from-logic-app-demo

The slides are available for review here:

bill-talking-at-nba

 

Talk: Logic Apps & Functions at Granite State SharePoint Users Group

1 Reply

Tonight I was pleased to have the opportunity to demystify Azure Logic Apps & Functions for the Granite State SharePoint Users Group. Here is the slide deck I used to present:

djj-k-rwsauqecu

Speaking at the “stimulation rich” Microsoft Store — photo credit: @jfj1997 Julie Turner

By the time I turned off the Twitter => Slack Logic App, a lot of messages were posted (in the #demo channel within Boston Azure slack account – which is open – join here):

slack

I will be giving a longer and more general version of this talk at the SharePoint Saturday New England 2017 event on Sat Oct 28 in Burlington MA.

Also planning other variants of this talk in the coming weeks:

  1. Azure Functions at Boston Azure – Thu Sep 14 in Cambridge MA (NERD)
  2. Serverless Azure at VT Code Camp – Sat Sep 16 in Burlington Vermont
  3. Serverless Azure at North Boston Azure – Tue Sep 26 in Burlington MA
  4. Logic Apps Thu Oct 5 at NE Microsoft Dev Group
  5. Serverless Azure at SharePoint Saturday NE event mentioned above Sat Oct 28 in Burlington MA

Talk: Logic Apps at Boston Azure

1 Reply

Last night’s Boston Azure meetup featured two talks – No App Left Behind by Kevin Brown of SoftNAS after an opening talk on Logic Apps by me. My slides are below.

I did not have time to show it, but the Slack => Email process did succeed. I saw this later when I checked my email. Subject: bill-tux-full.png, Body: 1504739903F6YKE996C bill-tux-full.png bill-tux-full.png. And you can see the photo for yourself in the Boston Azure slack #demo channel.

If you’d like to learn more about Serverless Azure, check out these upcoming talks: Azure Functions and Logic Apps Thu Sep 7 in NHAzure Functions Thu Sep 14 in Cambridge MA (NERD), and various playing of Serverless Azure (Azure Functions and Logic Apps) on Sat Sep 16 in Burlington Vermont, Tue Sep 26 in Burlington MA, and (if my talk is accepted for the Sharepoint event) Sat Oct 28 in Burlington MA.

As always, please let me know if you are interested in more talks at Boston Azure. 🙂