last sync: 2021-Oct-22 15:42:38 UTC

Azure Policy definition

Configure Azure SQL Server to disable public network access

Name Configure Azure SQL Server to disable public network access
Id 28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b
Version 1.0.0
Category SQL
Description Disabling the public network access property shuts down public connectivity such that Azure SQL Server can only be accessed from a private endpoint. This configuration disables the public network access for all databases under the Azure SQL Server.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
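Effect Default: Modify (for a server whose publicNetworkAccess is not already Disabled, the policy sets the property to Disabled; servers that already exist are changed only through a remediation task)
Allowed: (Modify, Disabled)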
RBAC role used by the Modify effect (listed in roleDefinitionIds)
Role Name Role Id
SQL Server Contributor 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
History
Date/Time (UTC, year-month-day) Change type Change detail
2021-03-02 15:11:40 add 28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b
Used in Initiatives none
JSON
{
  "displayName": "Configure Azure SQL Server to disable public network access",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Disabling the public network access property shuts down public connectivity such that Azure SQL Server can only be accessed from a private endpoint. This configuration disables the public network access for all databases under the Azure SQL Server.",
  "metadata": {
    "category": "SQL",
    "version": "1.0.0"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Modify",
        "Disabled"
      ],
      "defaultValue": "Modify"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Sql/servers"
        },
        {
          "field": "Microsoft.Sql/servers/publicNetworkAccess",
          "notEquals": "Disabled"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "conflictEffect": "audit",
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437"
        ],
        "operations": [
          {
            "operation": "addOrReplace",
            "field": "Microsoft.Sql/servers/publicNetworkAccess",
            "value": "Disabled"
          }
        ]
      }
    }
  }
}