This is a follow-on question to "Logging just one table in an Azure SQL Database".
It is possible to connect to my Azure SQL Server database using SSMS (Microsoft SQL Server Management Studio), and an appropriate username and password.
If someone does that, and then selects one of the tables, and does "Edit Top 200 Rows", then he/she can manually change one of the values of the table - by clicking inside and typing a new value - without recourse to SQL commands.
One could log such changes by building a second "History" table and adding a trigger to the first table, to add a row to the history table upon any update. However, I do not want to go down that route.
I wondered whether I could log such manual data changes using the PowerShell command Set-AzSqlDatabaseAudit?
Something like
    Set-AzSqlDatabaseAudit `
        -ResourceGroupName "MyResourceGroupName" `
        -ServerName "MySqlServerName" `
        -DatabaseName "MyDatabaseName" `
        -AuditActionGroup "DATABASE_OBJECT_CHANGE_GROUP" `
        -AuditAction "MANUAL_EDIT ON dbo.LoginTable BY public"
Note I am not necessarily suspicious of nefarious activity. There are legitimate use cases when admins need to log into the database to fix certain data issues, but I would want a "trail" of their activity.
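
One way the command in the question could be written with audit actions that Set-AzSqlDatabaseAudit documents, as an added example that is not part of the original post. It assumes that edits made through "Edit Top 200 Rows" reach the database as ordinary UPDATE, INSERT and DELETE statements, and that a Log Analytics workspace is the audit destination; the workspace resource ID is a placeholder.

```powershell
# Added example, not the poster's code. Resource names are the ones used in the
# question; the workspace resource ID below is a placeholder to fill in.
$target = @{
    ResourceGroupName = 'MyResourceGroupName'
    ServerName        = 'MySqlServerName'
    DatabaseName      = 'MyDatabaseName'
}

# -AuditAction takes strings of the form "<action> ON <object> BY <principal>".
# Supported actions include SELECT, UPDATE, INSERT and DELETE.
# Assumption: a cell edited in the SSMS grid is sent as an UPDATE, a row typed
# into the grid as an INSERT, and a row removed in the grid as a DELETE, so
# these three actions cover data changes to the table however they are made.
# DATABASE_OBJECT_CHANGE_GROUP is left out: it records CREATE/ALTER/DROP on
# database objects (schema changes), not changes to the rows of a table.
$dataChanges = @(
    'UPDATE ON dbo.LoginTable BY public'
    'INSERT ON dbo.LoginTable BY public'
    'DELETE ON dbo.LoginTable BY public'
)

# An audit policy needs at least one destination; Log Analytics is used here.
Set-AzSqlDatabaseAudit @target `
    -AuditAction $dataChanges `
    -LogAnalyticsTargetState Enabled `
    -WorkspaceResourceId '<log-analytics-workspace-resource-id>'

# Read the policy back to confirm what is actually in effect.
Get-AzSqlDatabaseAudit @target |
    Select-Object AuditAction, AuditActionGroup, LogAnalyticsTargetState
```

Each audit record carries the executing principal and the statement text, which gives the "trail" of admin activity without a history table or trigger.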