Ensure that Microsoft Entra ID authentication is configured so that you can centrally manage identity and access to your Microsoft Azure PostgreSQL database servers through a Microsoft Entra administrator.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Microsoft Entra ID authentication is a secure mechanism for connecting to your Azure PostgreSQL database servers using identities defined in Microsoft Entra ID. With Microsoft Entra ID authentication, the identities of the PostgreSQL database users can be managed in one central location, simplifying access permission management. Other benefits provided by the Microsoft Entra ID authentication feature include:
Providing authentication across Microsoft Azure services in a uniform way;
Supporting multiple forms of authentication in order to eliminate the need to store access passwords;
Using PostgreSQL database roles to authenticate identities at the database level;
Allowing customers to manage PostgreSQL database permissions using external Microsoft Entra groups;
Providing tools for management of password policies and password rotation in one single place;
Supporting token-based authentication for applications connecting to your PostgreSQL database servers.
Audit
To determine if a Microsoft Entra administrator is configured for PostgreSQL authentication within your Azure PostgreSQL database server settings, perform the following actions:
Note: Auditing Azure PostgreSQL database servers for Microsoft Entra admin-based authentication using Azure CLI or Azure PowerShell is not currently supported.
Remediation / Resolution
To configure a Microsoft Entra administrator for authentication and access to your Microsoft Azure PostgreSQL database servers, perform the following operations:
Note: Configuring a Microsoft Entra admin for PostgreSQL database server authentication using Azure CLI or Azure PowerShell is not currently supported.