last sync: 2024-May-27 19:38:21 UTC

Azure SQL Managed Instance should have Microsoft Entra-only authentication enabled

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure SQL Managed Instance should have Microsoft Entra-only authentication enabled
Id 0c28c3fb-c244-42d5-a9bf-f35f2999577b
Version 1.0.0
Details on versioning
Category SQL
Microsoft Learn
Description Require Azure SQL Managed Instance to use Microsoft Entra-only authentication. This policy doesn't block Azure SQL Managed instances from being created with local authentication enabled. It does block local authentication from being enabled on resources after create. Consider using the 'Microsoft Entra-only authentication' initiative instead to require both. Learn more at: https://aka.ms/adonlycreate.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/azureADOnlyAuthentication Microsoft.Sql managedInstances/azureADOnlyAuthentications properties.azureADOnlyAuthentication true
Rule resource types IF (1)
Microsoft.Sql/managedInstances/azureADOnlyAuthentications
Compliance
The following 1 compliance controls are associated with this Policy definition 'Azure SQL Managed Instance should have Microsoft Entra-only authentication enabled' (0c28c3fb-c244-42d5-a9bf-f35f2999577b)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Identity Management Use centralized identity and authentication system Shared **Security Principle:** Use a centralized identity and authentication system to govern your organization's identities and authentications for cloud and non-cloud resources. **Azure Guidance:** Microsoft Entra ID is Azure's identity and authentication management service. You should standardize on Microsoft Entra ID to govern your organization's identity and authentication in: - Microsoft cloud resources, such as the Azure Storage, Azure Virtual Machines (Linux and Windows), Azure Key Vault, PaaS, and SaaS applications. - Your organization's resources, such as applications on Azure, third-party applications running on your corporate network resources, and third-party SaaS applications. - Your enterprise identities in Active Directory by synchronization to Microsoft Entra ID to ensure a consistent and centrally managed identity strategy. Note: As soon as it is technically feasible, you should migrate on-premises Active Directory based applications to Microsoft Entra ID. This could be a Microsoft Entra Enterprise Directory, Business to Business configuration, or Business to consumer configuration. **Implementation and additional context:** Tenancy in Microsoft Entra ID: https://docs.microsoft.com/azure/active-directory/develop/single-and-multi-tenant-apps How to create and configure a Microsoft Entra instance: https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-access-create-new-tenant Define Microsoft Entra ID tenants: https://azure.microsoft.com/resources/securing-azure-environments-with-azure-active-directory/ Use external identity providers for an application: https://docs.microsoft.com/azure/active-directory/b2b/identity-providers n/a link 14
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
Azure SQL Managed Instance should have Microsoft Entra-only authentication 9b8d8228-e8cc-4c95-8d98-47f32df40b5e SQL GA BuiltIn
Microsoft cloud security benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-01-24 19:15:51 add 0c28c3fb-c244-42d5-a9bf-f35f2999577b
JSON compare n/a
JSON
api-version=2021-06-01
EPAC