last sync: 2020-Aug-05 13:05:29 UTC

Azure Policy

Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet

Policy DisplayName Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet
Policy Id 77e8b146-0078-4fb2-b002-e112381199f0
Policy Category SQL
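Policy Description Virtual network based firewall rules are used to enable traffic from a specific subnet to Azure SQL Database while ensuring the traffic stays within the Azure boundary. Note that the effect is fixed to AuditIfNotExists: a Microsoft.Sql/servers resource is reported as non-compliant when it has no virtual network rule whose virtualNetworkSubnetId equals the configured subnet ID. The policy only audits; it does not create the rule or block deployments, and the policy rule shown below does not evaluate IP-based firewall rules or any other network setting on the server.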
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Fixed: AuditIfNotExists
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-07-08 14:28:08 add: Policy 77e8b146-0078-4fb2-b002-e112381199f0
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Virtual network based firewall rules are used to enable traffic from a specific subnet to Azure SQL Database while ensuring the traffic stays within the Azure boundary.",
    "metadata": {
      "version": "1.0.0",
      "category": "SQL"
    },
    "parameters": {
      "subnetId": {
        "type": "String",
        "metadata": {
          "displayName": "Subnet ID",
          "strongType": "Microsoft.Network/virtualNetworks/subnets",
          "description": "The resource ID of the virtual network subnet that should have a rule enabled. Example: /subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/testsubnet"
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Sql/servers"
      },
      "then": {
        "effect": "AuditIfNotExists",
        "details": {
          "type": "Microsoft.Sql/servers/virtualNetworkRules",
          "existenceCondition": {
            "field": "Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId",
          "equals": "[parameters('subnetId')]"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/77e8b146-0078-4fb2-b002-e112381199f0",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "77e8b146-0078-4fb2-b002-e112381199f0"
}