Enable Azure SQL Auditing at the server level on the Azure SQL logical server:
sql60152867
and configure the audit destination as the Azure Storage account:
sa60152867
This is the correct solution because the task says all databases on sql60152867. Database-level auditing would only apply to one database. Server-level auditing applies to all existing and newly created databases on the logical server. Microsoft states that server auditing policies apply to all existing and newly created databases on the server. The default auditing policy includes BATCH_COMPLETED_GROUP, which audits queries and stored procedures executed against the database, plus successful and failed authentication events.
Azure Portal Method — Recommended for Simulation
Step 1: Open the Azure SQL logical server
Sign in to the Azure portal.
Search for:
SQL servers
Open the SQL logical server named:
sql60152867
Be careful with the name. In your prompt, it appears as sql60l 52867, but the earlier tasks strongly indicate the real server name is probably:
sql60152867
Use the SQL logical server that hosts the databases, not a single SQL database.
Step 2: Open Auditing
On the SQL server page:
In the left menu, go to Security.
Select Auditing.
Microsoft’s setup path is to navigate to Auditing under the Security heading in either the SQL database or SQL server pane. For this task, you must use the SQL server pane because the requirement covers all databases.
Step 3: Enable server-level auditing
Set:
Enable Azure SQL Auditing = On
or:
Auditing = On
depending on the portal wording.
This enables the server-level audit policy.
Step 4: Select Storage as the audit destination
Under Audit log destination, select:
Storage
Then choose the storage account:
sa60152867
Microsoft states that Azure SQL auditing can write database events to an Azure storage account, Log Analytics workspace, or Event Hubs. For this simulation, the destination must be the storage account sa60152867, so do not choose Log Analytics or Event Hub unless the task separately asks for them.
Step 5: Configure storage authentication
If the portal asks for authentication type, use one of these depending on what is available in the lab:
Option
Use when
Managed Identity
Preferred if available
Storage access keys
Use if the lab expects the older/default storage-key method
Microsoft recommends managed identity for storage authentication because storage access keys are a security risk. However, many exam simulations still accept the default storage-key flow as long as the audit destination is correctly set to the required storage account.
Step 6: Leave default audit action groups enabled
Do not remove the default audit action groups.
The default Azure SQL auditing policy includes:
BATCH_COMPLETED_GROUP
SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
FAILED_DATABASE_AUTHENTICATION_GROUP
BATCH_COMPLETED_GROUP is the key one here because it captures completed T-SQL batches, meaning the queries executed against the databases. Authentication and principal fields identify the login/user context. Microsoft states that the default auditing policy audits all queries and stored procedures executed against the database, plus successful and failed logins.
Step 7: Save the auditing configuration
Select:
Save
Wait for the portal notification that the auditing settings were saved successfully.
That completes the required configuration.
Verification
Verify from the Azure portal
Open the SQL server:
sql60152867
Go to:
Security > Auditing
Confirm:
Auditing: On
Destination: Storage
Storage account: sa60152867
Scope: Server-level
Verify storage output
After users execute queries, audit files should appear in the storage account.
Open storage account:
sa60152867
Go to Containers.
Open:
sqldbauditlogs
Azure SQL audit logs written to Azure Storage are stored in a container named sqldbauditlogs. Audit logs are written as .xel files and can be opened with SQL Server Management Studio.
What Information Is Captured?
The audit log includes the exact fields needed for this task.
Required information
Audit log field
Query executed
statement / statement_s
Database name
database_name / database_name_s
User context
database_principal_name / database_principal_name_s
Login context
server_principal_name / server_principal_name_s
Session principal
session_server_principal_name / session_server_principal_name_s
Time of execution
event_time / event_time_t
Client IP
client_ip / client_ip_s
Microsoft’s audit log format documents statement as the T-SQL statement that was executed, database_principal_name as the database user context, and server_principal_name as the current login.
SSMS Method — Viewing the Audit Logs
SSMS is not the main tool to enable Azure SQL auditing in this simulation, but it can be used to read the .xel audit files after they are written.
Step 1: Download or access the .xel files
From the storage account:
sa60152867 > Containers > sqldbauditlogs
Download the .xel audit file, or access it through supported tooling.
Step 2: Open the audit file in SSMS
Open SQL Server Management Studio.
Go to:
File > Open > File
Select the .xel audit file.
Review fields such as:
statement
database_principal_name
server_principal_name
database_name
event_time
client_ip
This verifies that the queries and the users that executed them are being captured.
Azure CLI Method
Use this only if Cloud Shell is available and you know the resource group names.
az sql server audit-policy update \
--resource-group < resource-group-name > \
--name sql60152867 \
--state Enabled \
--storage-account sa60152867
Depending on the environment, you may also need to specify the storage endpoint and access key, or use managed identity configuration. In the portal simulation, the UI normally handles this for you.
PowerShell Method
Use this if Azure PowerShell is available.
Set-AzSqlServerAudit `
-ResourceGroupName " < resource-group-name > " `
-ServerName " sql60152867 " `
-BlobStorageTargetState Enabled `
-StorageAccountResourceId " /subscriptions/ < subscription-id > /resourceGroups/ < storage-rg > /providers/Microsoft.Storage/storageAccounts/sa60152867 "
This configures auditing at the server level, which is the correct scope for all databases.
Final Exam-Lab Action
Configure this in the Azure portal:
SQL server: sql60152867
Security > Auditing
Auditing: On
Audit destination: Storage
Storage account: sa60152867
Default audit action groups: Enabled
Save
That captures queries and the users who executed them for all databases on the SQL logical server and stores the audit records in sa60152867.
Submit