AzPolicyAdvertizer

last sync: 2021-May-05 13:56:08 UTC

Azure Policy definition

Infrastructure encryption should be enabled for Azure Database for MySQL servers

Name Infrastructure encryption should be enabled for Azure Database for MySQL servers
Azure Portal

Id 3a58212a-c829-4f13-9872-6371df2fd0b4

Version 1.0.0
details on versioning

Category SQL
Microsoft docs

Description Enable infrastructure encryption for Azure Database for MySQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys.

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: Audit
Allowed: (Audit, Deny, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2020-10-20 13:29:33	add	3a58212a-c829-4f13-9872-6371df2fd0b4

Used in Initiatives

Initiative DisplayName	Initiative Id	Initiative Category	State
[Preview]: CMMC Level 3	b5629c75-5c77-4422-87b9-2509e680f8de	Regulatory Compliance	Preview

JSON

{
  "properties": {
    "displayName": "Infrastructure encryption should be enabled for Azure Database for MySQL servers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Enable infrastructure encryption for Azure Database for MySQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys.",
    "metadata": {
      "version": "1.0.0",
      "category": "SQL"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DBforMySQL/servers"
          },
          {
            "field": "Microsoft.DBforMySQL/servers/infrastructureEncryption",
            "notEquals": "Enabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "3a58212a-c829-4f13-9872-6371df2fd0b4"
}