last sync: 2020-Jul-02 13:28:37 UTC

Azure Policy

Bring your own key data protection should be enabled for MySQL servers

Policy DisplayName Bring your own key data protection should be enabled for MySQL servers
Policy Id 83cef61d-dbd1-4b20-a4fc-5fbc7da10833
Policy Category SQL
Policy Description This policy audits MySQL servers in your environment without bring your own key data protection enabled. For more details, visit https://aka.ms/mysqlbyok.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-04-28 14:50:57 add: Policy 83cef61d-dbd1-4b20-a4fc-5fbc7da10833
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "Bring your own key data protection should be enabled for MySQL servers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy audits MySQL servers in your environment without bring your own key data protection enabled. For more details, visit https://aka.ms/mysqlbyok.",
    "metadata": {
      "version": "1.0.0",
      "category": "SQL"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.DBforMySQL/servers"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.DBforMySQL/servers/keys",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.DBforMySQL/servers/keys/serverKeyType",
                "equals": "AzureKeyVault"
              },
              {
                "field": "Microsoft.DBforMySQL/servers/keys/uri",
                "notEquals": ""
              },
              {
                "field": "Microsoft.DBforMySQL/servers/keys/uri",
                "exists": "true"
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "83cef61d-dbd1-4b20-a4fc-5fbc7da10833"
}