Azure SQL Protection
Audit
Every SQL database in your Azure tenant — Azure SQL, Managed Instances, SQL VMs, Arc-enabled servers — checked for backup coverage, with owners identified. Know what's unprotected before your auditor does.
The Gap Nobody Checks
Azure's native backup tools don't give you a single view of SQL protection across your tenant. Azure SQL DBs, Managed Instances, SQL VMs, and Arc-enabled SQL Servers each live in different resource providers. Standard sizing scripts miss Arc SQL entirely. And when you find an unprotected database, the first question from leadership is "whose is it?" — but RBAC owners and billing owners are different people in enterprise Azure.
What It Does
Full SQL Inventory
Discovers all 4 SQL asset types: Azure SQL DB, Managed Instance, SQL VM, and Arc-enabled SQL Server. No resource provider left behind.
Backup Coverage Check
Cross-references every SQL asset against Azure Recovery Services vaults. Protected or unprotected — no ambiguity.
Owner Resolution
Identifies both RBAC owners (who CAN manage) and billing owners (who PAYS). The hybrid approach that Azure alone can't provide.
Stakeholder-Ready CSV
11-column output ready for leadership review. Anonymization option for sharing with vendors.
How It Works
Scope
30-minute call to define target subscriptions and access requirements. Reader role is all that's needed.
Access
You assign Azure Reader role (read-only) to my credentials. Temporary — revoked when assessment is complete.
Collection
Script runs against your live environment. Azure SQL DBs, Managed Instances, SQL VMs, Arc SQL — all enumerated and checked against backup vaults.
Delivery
CSV report with protection status and ownership for every SQL asset. Includes walkthrough of findings and remediation priorities.
Open Source + Professional Service
- All 4 SQL resource types
- Backup vault cross-reference
- RBAC owner resolution
- CSV output with anonymization
- Community support via GitHub Issues
- Everything in Self-Service
- Billing owner resolution
- Executive summary document
- 60-minute findings walkthrough
- Remediation priority recommendations
- 5 business day turnaround
- Everything in Managed Assessment
- Cross-tenant SQL inventory
- CMDB integration for owner enrichment
- Quarterly re-assessment cadence
- Compliance framework mapping
- Custom reporting format
Who This Is For
Cloud Security Teams
Need visibility into SQL backup coverage gaps before they become audit findings.
IT Governance & Compliance
Mapping backup protection to compliance frameworks. Need evidence that SQL assets are covered.
Rubrik & Backup Vendors
Pre-sales sizing and gap analysis. Know exactly what needs protection before quoting.
Platform Engineering
Managing Azure at scale. Need automated inventory of SQL assets across hundreds of subscriptions.
RBAC Owners ≠ Billing Owners
In enterprise Azure, the person who CAN manage a subscription (RBAC Owner) is rarely the person who PAYS for it (billing/enrollment account owner). Service principals, shared admin groups, and automation accounts frequently hold the Owner role. The actual business stakeholder is buried in EA portal exports or CMDB records that Azure APIs can't access.
This tool surfaces both. RBAC owners from Azure IAM, plus optional billing owner enrichment from your organization's records. Full methodology documented in our open-source owner resolution guide.
See It In Action
We ran this exact assessment on a large enterprise tenant and found 199 SQL assets with zero backup protection. Read the full case study: Case Study — 199 SQL Assets, Zero Protected →
Know what's unprotected.
Free 30-minute scoping call. Or download the tool and run it yourself. Either way, you'll know.