SQL Server instance with ‘contained database authentication’ flag enabled


Contained databases have some unique threats that should be understood and mitigated by SQL Server Database Engine administrators. Most of the threats are related to the USER WITH PASSWORD authentication process, which moves the authentication boundary from the Database Engine level to the database level, hence this is recommended to disable this flag.
  • Recommended Mitigation

    Add the following database flag: 'contained database authentication=off'.