last sync: 2021-Sep-17 15:46:37 UTC

Azure Policy definition

Configure Azure Defender to be enabled on SQL servers

Name Configure Azure Defender to be enabled on SQL servers
Azure Portal
Id 36d49e87-48c4-4f2e-beed-ba4ed02b71f5
Version 2.1.0
details on versioning
Category SQL
Microsoft docs
Description Enable Azure Defender on your Azure SQL Servers to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Fixed: DeployIfNotExists
Used RBAC Role
Role Name Role Id
SQL Security Manager 056cd41c-7e88-42e1-933e-88ba6a50c9c3
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-07-30 15:17:20 change Minor (2.0.0 > 2.1.0)
2021-01-05 16:06:49 change Major (1.1.0 > 2.0.0)
2020-10-27 14:12:45 change Minor (1.0.0 > 1.1.0)
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: Motion Picture Association of America (MPAA) 92646f03-e39d-47a9-9e24-58d60ef49af8 Regulatory Compliance Preview
Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances 9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97 Security Center GA
JSON Changes

JSON
{
  "displayName": "Configure Azure Defender to be enabled on SQL servers",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Enable Azure Defender on your Azure SQL Servers to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases.",
  "metadata": {
    "version": "2.1.0",
    "category": "SQL"
  },
  "parameters": {},
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Sql/servers"
        },
        {
          "field": "kind",
          "notContains": "analytics"
        }
      ]
    },
    "then": {
      "effect": "DeployIfNotExists",
      "details": {
        "type": "Microsoft.Sql/servers/securityAlertPolicies",
        "name": "Default",
        "existenceCondition": {
          "field": "Microsoft.Sql/securityAlertPolicies.state",
          "equals": "Enabled"
        },
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"
        ],
        "deployment": {
          "properties": {
            "mode": "incremental",
            "template": {
              "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "serverName": {
                  "type": "string"
                }
              },
              "variables": {},
              "resources": [
                {
                  "name": "[concat(parameters('serverName'), '/Default')]",
                  "type": "Microsoft.Sql/servers/securityAlertPolicies",
                  "apiVersion": "2020-11-01-preview",
                  "properties": {
                    "state": "Enabled"
                  }
                }
              ]
            },
            "parameters": {
              "serverName": {
                "value": "[field('name')]"
              }
            }
          }
        }
      }
    }
  }
}