last sync: 2024-May-24 18:03:04 UTC

Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation
Id 78215662-041e-49ed-a9dd-5385911b3a1f
Version 1.2.0
Category SQL
Description Require Azure SQL Managed Instance to be created with Microsoft Entra-only authentication. This policy doesn't block local authentication from being re-enabled on resources after create. Consider using the 'Microsoft Entra-only authentication' initiative instead to require both. Learn more at: https://aka.ms/adonlycreate.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default: Audit
Effect Allowed: Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)

| Alias | Namespace | ResourceType | DefaultPath | Modifiable |
| --- | --- | --- | --- | --- |
| Microsoft.Sql/managedInstances/administrators.azureADOnlyAuthentication | Microsoft.Sql | managedInstances | properties.administrators.azureADOnlyAuthentication | false |

Rule resource types IF (1)
Microsoft.Sql/managedInstances
Compliance
The following compliance control is associated with this Policy definition 'Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation' (78215662-041e-49ed-a9dd-5385911b3a1f):
Control Domain: Azure_Security_Benchmark_v3.0
Control: IM-1
Name: Azure_Security_Benchmark_v3.0_IM-1
MetadataId: Microsoft cloud security benchmark IM-1
Category: Identity Management
Title: Use centralized identity and authentication system
Owner: Shared
Requirements:

**Security Principle:** Use a centralized identity and authentication system to govern your organization's identities and authentications for cloud and non-cloud resources.

**Azure Guidance:** Microsoft Entra ID is Azure's identity and authentication management service. You should standardize on Microsoft Entra ID to govern your organization's identity and authentication in:
- Microsoft cloud resources, such as the Azure Storage, Azure Virtual Machines (Linux and Windows), Azure Key Vault, PaaS, and SaaS applications.
- Your organization's resources, such as applications on Azure, third-party applications running on your corporate network resources, and third-party SaaS applications.
- Your enterprise identities in Active Directory by synchronization to Microsoft Entra ID to ensure a consistent and centrally managed identity strategy.

Note: As soon as it is technically feasible, you should migrate on-premises Active Directory based applications to Microsoft Entra ID. This could be a Microsoft Entra Enterprise Directory, Business to Business configuration, or Business to consumer configuration.

**Implementation and additional context:**
- Tenancy in Microsoft Entra ID: https://docs.microsoft.com/azure/active-directory/develop/single-and-multi-tenant-apps
- How to create and configure a Microsoft Entra instance: https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-access-create-new-tenant
- Define Microsoft Entra ID tenants: https://azure.microsoft.com/resources/securing-azure-environments-with-azure-active-directory/
- Use external identity providers for an application: https://docs.microsoft.com/azure/active-directory/b2b/identity-providers

Description: n/a
Info: link
Policy#: 14

Initiatives usage

| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
| --- | --- | --- | --- | --- |
| [Preview]: Control the use of Microsoft SQL in a Virtual Enclave | 0fbe78a5-1722-4f1b-83a5-89c14151fa60 | VirtualEnclaves | Preview | BuiltIn |
| Azure SQL Managed Instance should have Microsoft Entra-only authentication | 9b8d8228-e8cc-4c95-8d98-47f32df40b5e | SQL | GA | BuiltIn |
| Microsoft cloud security benchmark | 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | Security Center | GA | BuiltIn |

History

| Date/Time (UTC ymd) | Change type | Change detail |
| --- | --- | --- |
| 2024-01-24 19:15:51 | change | Minor (1.1.0 > 1.2.0) |
| 2023-10-31 19:02:40 | change | Minor (1.0.0 > 1.1.0) |
| 2021-08-13 17:07:49 | add | 78215662-041e-49ed-a9dd-5385911b3a1f |