AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

Deploy Advanced Data Security on SQL servers

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Deploy Advanced Data Security on SQL servers

6134c3db-786f-471e-87bc-8f479dc890f6

Version

1.3.0
Details on versioning

Category

SQL
Microsoft Learn

Description

This policy enables Advanced Data Security on SQL Servers. This includes turning on Threat Detection and Vulnerability Assessment. It will automatically create a storage account in the same region and resource group as the SQL server to store scan results, with a 'sqlva' prefix.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Fixed
DeployIfNotExists

RBAC role(s)

Role Name	Role Id
SQL Security Manager	056cd41c-7e88-42e1-933e-88ba6a50c9c3
Storage Account Contributor	17d1049b-9a84-46fb-8f53-869881c3d3ab

Rule aliases

THEN-ExistenceCondition (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Sql/securityAlertPolicies.state	Microsoft.Sql Microsoft.Sql	servers/databases/securityAlertPolicies servers/securityAlertPolicies	properties.state properties.state	True True		False False

Rule resource types

IF (1)
Microsoft.Sql/servers
THEN-Deployment (3)
Microsoft.Sql/servers/securityAlertPolicies
Microsoft.Sql/servers/vulnerabilityAssessments
Microsoft.Storage/storageAccounts

Compliance

Not a Compliance control

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
Enforce recommended guardrails for SQL and SQL Managed Instance	Enforce-Guardrails-SQL	SQL	GA	ALZ

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-07-22 16:34:49	change	Minor (1.2.0 > 1.3.0)
2021-06-08 15:17:13	change	Minor (1.1.0 > 1.2.0)
2021-04-27 15:38:15	change	Minor (1.0.0 > 1.1.0)

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC