Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

A new Data Days event is coming soon! This time we’re going bigger than ever. Fabric, Power BI, SQL, AI and more. Don't miss out.

srsaluru
Microsoft Employee
‎11-21-2025 07:00 AM

Auditing for Fabric SQL database (Preview)

Auditing for Fabric SQL database, is a powerful feature designed to help organizations strengthen security, ensure compliance, and gain deep operational insights into their data environments.

Why Auditing Matters

Auditing is a cornerstone of data governance. With Fabric SQL Database auditing, you can now easily track and log database activities—answering critical questions like who accessed what data, when, and how. This supports compliance requirements (such as HIPAA and SOX), enables robust threat detection, and provides a foundation for forensic investigations.

Key Highlights

  • Flexible Configuration: Choose from default 'audit everything', preconfigured scenarios (like permission changes, login attempts, data reads/writes, schema changes), or define custom action groups and predicate filters for advanced needs.
  • Seamless Access: Audit logs are stored in OneLake, making them easily accessible via T-SQL or OneLake Explorer.
  • Role-Based Access Control: Configuration and log access are governed by both Fabric workspace roles and SQL-level permissions, ensuring only authorized users can view or manage audit data.
  • Retention Settings: Customize how long audit logs are retained to meet your organization’s policy.

How It Works

Audit logs are written to a secure, read-only folder in OneLake and can be queried using the sys.fn_get_audit_file_v2 T-SQL function. Workspace and artifact IDs are used as identifiers, ensuring logs remain consistent even if databases move across logical servers. Access controls at both the workspace and SQL database level ensure only the right people can configure or view audit logs.

select event_time,action_id ,statement ,file_name,application_name from sys.fn_get_audit_file_v2
('https://onelake.blob.fabric.microsoft.com/<<workspace id>>/<<artifact id>>
/Audit/sqldbauditlogs/',default,default,default,default)

Example Use Cases

  • Compliance Monitoring: Validate a full audit trail for regulatory requirements.
  • Security Investigations: Track specific events like permission changes or failed login attempts.
  • Operational Insights: Focus on specific operations (e.g., DML only) or test retention policies.
  • Role-Based Access: Verify audit visibility across different user roles.

Getting Started

You can configure auditing directly from the Manage SQL Auditing blade in the Fabric Portal. Choose your preferred scenario, set retention, and (optionally) define custom filters—all through a simple, intuitive interface.

Auditing_for_Fabric_SQL_database_PreviewAuditing_for_Fabric_SQL_database_Preview

 

To learn more, and guidance getting started, refer to the Auditing for Fabric SQL database documentation.

 

0