last sync: 2020-Aug-05 13:05:29 UTC

Azure Policy

Public network access on Azure SQL Database should be disabled

Policy DisplayName Public network access on Azure SQL Database should be disabled
Policy Id 1b8ca024-1d5c-4dec-8995-b1a932b41780
Policy Category SQL
Policy Description Disabling the public network access property improves security by ensuring your Azure SQL Database can only be accessed from a private endpoint. This configuration denies all logins that match IP or virtual network based firewall rules.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Fixed: audit
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-07-08 14:28:08 change: DisplayName previous DisplayName: Audit public network access setting for Azure SQL Database
2020-07-01 14:50:07 add: Policy 1b8ca024-1d5c-4dec-8995-b1a932b41780
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "Public network access on Azure SQL Database should be disabled",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disabling the public network access property improves security by ensuring your Azure SQL Database can only be accessed from a private endpoint. This configuration denies all logins that match IP or virtual network based firewall rules.",
    "metadata": {
      "version": "1.0.0",
      "category": "SQL"
    },
    "parameters": {
      
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Sql/servers"
          },
          {
            "field": "Microsoft.Sql/servers/publicNetworkAccess",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
        "effect": "audit"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "1b8ca024-1d5c-4dec-8995-b1a932b41780"
}