Activity: Audit COPY_ONLY backup events on SQL Managed Instance using audit logs
In the previous activity, we saw the steps to enable a server audit for SQL Managed Instance. In this activity, we will use the server audit to track user-initiated COPY_ONLY database backups.
SQL Managed Instance has the ability to take database backups with the COPY_ONLY option on Azure Blob Storage. By default, all the databases are protected using a service-managed Transparent Data Encryption (TDE) key and COPY_ONLY backups are not allowed.
But there could be scenarios where a user who has higher access on an instance can disable service-managed TDE and take a COPY_ONLY backup of a database. You can track these events using audit logs.
Steps to configure an audit for backup and restore events
We have already seen how to configure a storage container for audit logs in a previous demo. Here we will create a server audit specification to track backup events.
You can skip the following steps...
