AzPolicyAdvertizer

last sync: 2021-Sep-22 19:36:51 UTC

Azure Policy definition

Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports

Name Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports
Azure Portal
Id 057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9
Version 2.0.0
details on versioning
Category SQL
Microsoft docs
Description Ensure that an email address is provided for the 'Send scan reports to' field in the Vulnerability Assessment settings. This email address receives scan result summary after a periodic scan runs on SQL servers.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-10-27 14:12:45 change Major (1.0.0 > 2.0.0)
2019-10-03 22:58:00 add 057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: Australian Government ISM PROTECTED 27272c0b-c225-4cc3-b8b0-f2534b093077 Regulatory Compliance Preview
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c Regulatory Compliance GA
New Zealand ISM Restricted d1a462af-7e6d-4901-98ac-61570b4ed22a Regulatory Compliance GA
JSON Changes

JSON 
{
  "displayName": "Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Ensure that an email address is provided for the 'Send scan reports to' field in the Vulnerability Assessment settings. This email address receives scan result summary after a periodic scan runs on SQL servers.",
  "metadata": {
    "version": "2.0.0",
    "category": "SQL"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "field": "type",
      "equals": "Microsoft.Sql/servers"
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
        "name": "default",
        "existenceCondition": {
          "allOf": [
            {
              "field": "Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]",
              "notEquals": ""
            },
            {
              "count": {
                "field": "Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]"
              },
              "notEquals": 0
            }
          ]
        }
      }
    }
  }
}