AzPolicyAdvertizer

last sync: 2021-Mar-03 15:53:01 UTC

Azure Policy definition

Infrastructure encryption should be enabled for Azure Database for MySQL servers

Name Infrastructure encryption should be enabled for Azure Database for MySQL servers
Azure Portal
Id 3a58212a-c829-4f13-9872-6371df2fd0b4
Version 1.0.0
details on versioning
Category SQL
Microsoft docs
Description Enable infrastructure encryption for Azure Database for MySQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-10-20 13:29:33 add 3a58212a-c829-4f13-9872-6371df2fd0b4
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
Json 
{
  "properties": {
    "displayName": "Infrastructure encryption should be enabled for Azure Database for MySQL servers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Enable infrastructure encryption for Azure Database for MySQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys.",
    "metadata": {
      "version": "1.0.0",
      "category": "SQL"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DBforMySQL/servers"
          },
          {
            "field": "Microsoft.DBforMySQL/servers/infrastructureEncryption",
            "notEquals": "Enabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "3a58212a-c829-4f13-9872-6371df2fd0b4"
}