Authentication

SQL Server instance with ‘contained database authentication’ flag enabled

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Contained databases carry some unique threats that SQL Server Database Engine administrators should understand and mitigate. Most of these threats relate to the USER WITH PASSWORD authentication process, which moves the authentication boundary from the Database Engine level to the database level. Disabling this flag is therefore recommended.
Recommended Mitigation

Add the following database flag: 'contained database authentication=off'
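
Before changing the flag, it helps to know whether anything on the instance relies on database-level authentication. The T-SQL below is an added audit example, not part of the original finding: it reads the instance setting, lists databases that use containment, and collects the users in those databases that authenticate with a password at the database level. It assumes a login allowed to read the catalog views in every listed database; the temporary table name `#contained_users` is illustrative.

```sql
-- 1. Instance setting: value_in_use = 1 means the flag is enabled.
SELECT name, CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name = 'contained database authentication';

-- 2. Databases that use containment (containment_desc = PARTIAL).
SELECT name, containment_desc
FROM sys.databases
WHERE containment <> 0;

-- 3. Users in those databases that authenticate at the database level
--    (authentication_type 2 = DATABASE, i.e. CREATE USER ... WITH PASSWORD).
CREATE TABLE #contained_users (
    database_name            sysname,
    user_name                sysname,
    authentication_type_desc nvarchar(60),
    create_date              datetime
);

DECLARE @db sysname, @sql nvarchar(max);
DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.databases
    WHERE containment <> 0 AND state_desc = 'ONLINE';

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME guards the database name in both the literal and the identifier.
    SET @sql = N'INSERT INTO #contained_users
        SELECT N' + QUOTENAME(@db, '''') + N', name, authentication_type_desc, create_date
        FROM ' + QUOTENAME(@db) + N'.sys.database_principals
        WHERE authentication_type = 2;';
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM db_cursor INTO @db;
END
CLOSE db_cursor;
DEALLOCATE db_cursor;

SELECT database_name, user_name, authentication_type_desc, create_date
FROM #contained_users
ORDER BY database_name, user_name;

DROP TABLE #contained_users;
```

Rows returned by the final query are accounts that never pass through instance-level login checks, which is the boundary shift the description refers to.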