Source
Azure Portal
Display name
Deploy Advanced Data Security on SQL servers
Id
6134c3db-786f-471e-87bc-8f479dc890f6
Version
1.3.0
Versioning
Versions supported for Versioning: 1 (1.3.0)
Category
SQL
Description
This policy enables Advanced Data Security on SQL Servers. This includes turning on Threat Detection and Vulnerability Assessment. It will automatically create a storage account in the same region and resource group as the SQL server to store scan results, with a 'sqlva' prefix.
Cloud environments
AzureCloud = true AzureUSGovernment = unknown AzureChinaCloud = unknown
Available in AzUSGov
Unknown; there is no evidence whether the policy definition is available in AzureUSGovernment.
Mode
Indexed
Type
BuiltIn
Preview
False
Deprecated
False
Effect
Fixed DeployIfNotExists
RBAC role(s)
Rule aliases
THEN-ExistenceCondition (1)
Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable
Microsoft.Sql/securityAlertPolicies.state | Microsoft.Sql, Microsoft.Sql | servers/databases/securityAlertPolicies, servers/securityAlertPolicies | properties.state, properties.state | True, True | | False, False
Rule resource types
IF (1)
THEN-Deployment (3)
Compliance
Not a Compliance control
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type | polSet in AzUSGov
Enforce recommended guardrails for SQL and SQL Managed Instance | Enforce-Guardrails-SQL | SQL | GA | ALZ |
History
Date/Time (UTC ymd) | Change type | Change detail
2022-07-22 16:34:49 | change | Minor (1.2.0 > 1.3.0)
2021-06-08 15:17:13 | change | Minor (1.1.0 > 1.2.0)
2021-04-27 15:38:15 | change | Minor (1.0.0 > 1.1.0)
JSON compare
@@ -3,9 +3,9 @@
3
"policyType": "BuiltIn",
4
"mode": "Indexed",
5
"description": "This policy enables Advanced Data Security on SQL Servers. This includes turning on Threat Detection and Vulnerability Assessment. It will automatically create a storage account in the same region and resource group as the SQL server to store scan results, with a 'sqlva' prefix.",
6
"metadata": {
7
-
"version": "1.2.0",
8
"category": "SQL"
9
},
10
"parameters": {},
11
"policyRule": {
@@ -67,9 +67,9 @@
67
"type": "Microsoft.Sql/servers/securityAlertPolicies",
68
"apiVersion": "2017-03-01-preview",
69
"properties": {
70
"state": "Enabled",
71
-
"emailAccountAdmins": true
72
}
73
},
74
{
75
"name": "[concat(parameters('serverName'), '/Default')]",
3
"policyType": "BuiltIn",
4
"mode": "Indexed",
5
"description": "This policy enables Advanced Data Security on SQL Servers. This includes turning on Threat Detection and Vulnerability Assessment. It will automatically create a storage account in the same region and resource group as the SQL server to store scan results, with a 'sqlva' prefix.",
6
"metadata": {
7
+
"version": "1.3 .0",
8
"category": "SQL"
9
},
10
"parameters": {},
11
"policyRule": {
67
"type": "Microsoft.Sql/servers/securityAlertPolicies",
68
"apiVersion": "2017-03-01-preview",
69
"properties": {
70
"state": "Enabled",
71
+
"emailAccountAdmins": false
72
}
73
},
74
{
75
"name": "[concat(parameters('serverName'), '/Default')]",
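Review bot: At line 71 of the Microsoft.Sql/servers/securityAlertPolicies resource, emailAccountAdmins goes from true to false while properties still carries only state and that flag, so after this change the deployment configures no recipient at all for Threat Detection alerts. The description in the first hunk is unchanged and "parameters": {} stays empty, so someone assigning the policy can neither see the new notification behaviour nor override it. Consider stating the change in the description or exposing the flag as a policy parameter, since it ships as a minor bump (1.2.0 to 1.3.0).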
JSON
api-version=2021-06-01
{
  "displayName": "Deploy Advanced Data Security on SQL servers",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "This policy enables Advanced Data Security on SQL Servers. This includes turning on Threat Detection and Vulnerability Assessment. It will automatically create a storage account in the same region and resource group as the SQL server to store scan results, with a 'sqlva' prefix.",
  "metadata": {
    "version": "1.3.0",
    "category": "SQL"
  },
  "parameters": {},
  "policyRule": {
    "if": {
      "field": "type",
      "equals": "Microsoft.Sql/servers"
    },
    "then": {
      "effect": "DeployIfNotExists",
      "details": {
        "type": "Microsoft.Sql/servers/securityAlertPolicies",
        "name": "Default",
        "existenceCondition": {
          "field": "Microsoft.Sql/securityAlertPolicies.state",
          "equals": "Enabled"
        },
        "roleDefinitionIds": [ 2 items ],
        "deployment": {
          "properties": {
            "mode": "incremental",
            "template": {
              "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": { 2 items },
              "variables": {
                "serverResourceGroupName": "[resourceGroup().name]",
                "subscriptionId": "[subscription().subscriptionId]",
                "uniqueStorage": "[uniqueString(variables('subscriptionId'), variables('serverResourceGroupName'), parameters('location'))]",
                "storageName": "[tolower(concat('sqlva', variables('uniqueStorage')))]"
              },
              "resources": [
                {
                  "type": "Microsoft.Storage/storageAccounts",
                  "name": "[variables('storageName')]",
                  "apiVersion": "2019-04-01",
                  "location": "[parameters('location')]",
                  "sku": { 1 item },
                  "kind": "StorageV2",
                  "properties": {
                    "minimumTlsVersion": "TLS1_2",
                    "supportsHttpsTrafficOnly": "true",
                    "allowBlobPublicAccess": "false"
                  }
                },
                {
                  "name": "[concat(parameters('serverName'), '/Default')]",
                  "type": "Microsoft.Sql/servers/securityAlertPolicies",
                  "apiVersion": "2017-03-01-preview",
                  "properties": {
                    "state": "Enabled",
                    "emailAccountAdmins": false
                  }
                },
                {
                  "name": "[concat(parameters('serverName'), '/Default')]",
                  "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
                  "apiVersion": "2018-06-01-preview",
                  "properties": {
                    "storageContainerPath": "[concat(reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))).primaryEndpoints.blob, 'vulnerability-assessment')]",
                    "storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-02-01').keys[0].value]",
                    "recurringScans": {
                      "isEnabled": true,
                      "emailSubscriptionAdmins": true,
                      "emails": []
                    }
                  },
                  "dependsOn": [
                    "[concat('Microsoft.Storage/storageAccounts/', variables('storageName'))]",
                    "[concat('Microsoft.Sql/servers/', parameters('serverName'), '/securityAlertPolicies/Default')]"
                  ]
                }
              ]
            },
            "parameters": { 2 items }
          }
        }
      }
    }
  }
}