Azure Infrastructure Monitors

Monitor critical Azure infrastructure with Sprinto by tracking SQL database encryption, storage security, NSG flow logs, CPU usage, and TLS settings across web apps.

Sprinto integrates with Microsoft Azure to monitor infrastructure-level controls and resource security configurations. These monitors ensure that core services such as storage, databases, and web apps are correctly configured to meet compliance requirements and organisational policies.

This article outlines the Azure-specific infrastructure monitors tracked by Sprinto, the configuration steps for each, and how to resolve failing monitors.


Monitored Azure Services

Sprinto evaluates the following Azure services for infrastructure and configuration compliance:

  1. Azure SQL Database

  2. Azure Storage Accounts

  3. Azure Network Security Groups (NSGs)

  4. Azure Web Apps


Detailed Monitors and Resolution Steps

1. Azure SQL: CPU Utilisation Should Be Monitored

  • What it checks: Azure Monitor is configured to track high CPU usage on SQL Databases.

  • How to resolve:

    1. Go to Azure Portal > Monitor > Alerts > New Alert Rule.

    2. Select Resource (SQL database) → Choose Metric: CPU percentage.

    3. Set a condition (e.g., >80% for 5 minutes).

    4. Define an action group (email, webhook, etc.).

    5. Save and enable the alert.


2. Azure SQL: Data Should Be Encrypted

  • What it checks: Transparent Data Encryption (TDE) is enabled on SQL Databases.

  • How to resolve:

    1. Navigate to SQL Server > Transparent Data Encryption.

    2. Ensure TDE status is set to Enabled.

    3. Choose Service-managed key or Customer-managed key.

    4. Save the settings.


3. Azure Storage: Secure Transfer Should Be Required

  • What it checks: The storage account enforces secure (HTTPS-only) connections.

  • How to resolve:

    1. Go to Storage Accounts > Configuration.

    2. Set Secure transfer required to Enabled.

    3. Click Save.


4. Azure Storage: Default Network Access Rule Should Be Deny

  • What it checks: The storage account's default network access rule is Deny, so public access is blocked unless explicitly allowed.

  • How to resolve:

    1. Go to Storage Accounts > Networking.

    2. Under Firewalls and virtual networks, set:

      • Public access: Disabled

      • Default action: Deny

    3. Save changes.


5. Azure NSG: Flow Logs Should Be Enabled

  • What it checks: Flow logs are enabled on NSGs so that traffic is captured for network analysis.

  • How to resolve:

    1. Navigate to NSG > Diagnostic settings.

    2. Click Add diagnostic setting.

    3. Select Flow logs, then choose a Storage account or Log Analytics workspace.

    4. Enable retention and save.


6. Azure Web Apps: Latest TLS Version Should Be Enforced

  • What it checks: Web apps are using TLS 1.2 or higher.

  • How to resolve:

    1. Go to App Services > Configuration > General settings.

    2. Set Minimum TLS version to 1.2 or 1.3.

    3. Click Save.
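
As an added example (not Sprinto's code and not part of the original article), the script below audits an exported list of resource definitions against the configuration monitors 2, 3, 4 and 6 above. The property names are assumed from the ARM resource schemas and the sample resources are constructed; match both to your own export.

```python
import json

# Constructed sample export; property names are assumed from the ARM schemas.
SAMPLE_EXPORT = json.loads("""[
 {"type": "Microsoft.Storage/storageAccounts", "name": "stgood", "properties":
  {"supportsHttpsTrafficOnly": true, "networkAcls": {"defaultAction": "Deny"}}},
 {"type": "Microsoft.Storage/storageAccounts", "name": "stopen", "properties":
  {"supportsHttpsTrafficOnly": false, "networkAcls": {"defaultAction": "Allow"}}},
 {"type": "Microsoft.Sql/servers/databases/transparentDataEncryption",
  "name": "sql01/appdb/current", "properties": {"state": "Disabled"}},
 {"type": "Microsoft.Web/sites/config", "name": "webold/web",
  "properties": {"minTlsVersion": "1.1"}}
]""")

def tls_at_least_1_2(value):
    """True only for a parseable version >= 1.2; a missing value fails closed."""
    try:
        return tuple(int(p) for p in str(value).split(".")) >= (1, 2)
    except ValueError:
        return False

# Resource type -> (monitor name from this page, predicate over "properties").
CHECKS = {
    "Microsoft.Storage/storageAccounts": [
        ("Secure Transfer Should Be Required",
         lambda p: p.get("supportsHttpsTrafficOnly") is True),
        ("Default Network Access Rule Should Be Deny",
         lambda p: (p.get("networkAcls") or {}).get("defaultAction") == "Deny"),
    ],
    "Microsoft.Sql/servers/databases/transparentDataEncryption": [
        ("Data Should Be Encrypted", lambda p: p.get("state") == "Enabled"),
    ],
    "Microsoft.Web/sites/config": [
        ("Latest TLS Version Should Be Enforced",
         lambda p: tls_at_least_1_2(p.get("minTlsVersion"))),
    ],
}

def audit(resources):
    """Return sorted (resource name, monitor) pairs for every failed check."""
    return sorted(
        (res.get("name"), monitor)
        for res in resources
        for monitor, passes in CHECKS.get(res.get("type"), [])
        if not passes(res.get("properties") or {}))

if __name__ == "__main__":
    for name, monitor in audit(SAMPLE_EXPORT):
        print(f"FAIL  {name}: {monitor}")
```

A setting that is absent from the export is reported as a failure rather than assumed compliant, so an incomplete export cannot hide a misconfigured resource.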


Remediating the Monitor in Sprinto

  • Sprinto auto-updates the monitor status for integrated services.

  • For manual checks:

    • Upload screenshots of your Azure Portal settings

    • Attach relevant policy JSONs or diagnostic exports

  • Use Mark as Resolved after completing remediation


Best Practices

  • Standardise configurations using Azure Policy

  • Use Log Analytics and Diagnostic Settings to track long-term trends

  • Define alert thresholds based on baselined performance, not arbitrary values

  • Group resources using tags for easier monitor filtering
