last sync: 2020-Oct-30 14:31:57 UTC

Azure Policy definition

Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet

Name Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet
Id 77e8b146-0078-4fb2-b002-e112381199f0
Version 1.0.0
Category SQL
Description Virtual network based firewall rules are used to enable traffic from a specific subnet to Azure SQL Database while ensuring the traffic stays within the Azure boundary.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
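Effect Fixed: AuditIfNotExists (audit only: a Microsoft.Sql/servers resource with no virtualNetworkRules entry whose virtualNetworkSubnetId equals the subnetId parameter is reported as non-compliant; the policy neither creates the rule nor blocks deployment, and its existence condition does not evaluate any other firewall rule or network access setting on the server)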
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-07-08 14:28:08 add 77e8b146-0078-4fb2-b002-e112381199f0
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Virtual network based firewall rules are used to enable traffic from a specific subnet to Azure SQL Database while ensuring the traffic stays within the Azure boundary.",
    "metadata": {
      "version": "1.0.0",
      "category": "SQL"
    },
    "parameters": {
      "subnetId": {
        "type": "String",
        "metadata": {
          "displayName": "Subnet ID",
          "strongType": "Microsoft.Network/virtualNetworks/subnets",
          "description": "The resource ID of the virtual network subnet that should have a rule enabled. Example: /subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/testsubnet"
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Sql/servers"
      },
      "then": {
        "effect": "AuditIfNotExists",
        "details": {
          "type": "Microsoft.Sql/servers/virtualNetworkRules",
          "existenceCondition": {
            "field": "Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId",
          "equals": "[parameters('subnetId')]"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/77e8b146-0078-4fb2-b002-e112381199f0",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "77e8b146-0078-4fb2-b002-e112381199f0"
}