last sync: 2024-Apr-24 17:46:58 UTC

Configure Azure SQL Server to enable private endpoint connections

Azure BuiltIn Policy definition

Source Azure Portal
Display name Configure Azure SQL Server to enable private endpoint connections
Id 8e8ca470-d980-4831-99e6-dc70d9f6af87
Version 1.0.0
Details on versioning
Category SQL
Microsoft Learn
Description A private endpoint connection enables private connectivity to your Azure SQL Database via a private IP address inside a virtual network. This configuration improves your security posture and supports Azure networking tools and scenarios.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7
SQL Server Contributor 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
Rule aliases IF (2)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Sql/servers/privateEndpointConnections[*] Microsoft.Sql servers properties.privateEndpointConnections[*] false
Microsoft.Sql/servers/privateEndpointConnections[*].id Microsoft.Sql servers properties.privateEndpointConnections[*].id false
Rule resource types IF (1)
Microsoft.Sql/servers
THEN-Deployment (2)
Microsoft.Network/privateEndpoints
Microsoft.Resources/deployments
Compliance
The following 2 compliance controls are associated with this Policy definition 'Configure Azure SQL Server to enable private endpoint connections' (8e8ca470-d980-4831-99e6-dc70d9f6af87)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience Network Resilience - 10.33 Shared n/a A financial institution must design a reliable, scalable and secure enterprise network that is able to support its business activities, including future growth plans. link 28
RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity Control Measures on Cybersecurity - Appendix 5.7 Customer n/a Ensure overall network security controls are implemented including the following: (a) dedicated firewalls at all segments. All external-facing firewalls must be deployed on High Availability (HA) configuration and “fail-close” mode activated. Deploy different brand name/model for two firewalls located in sequence within the same network path; (b) IPS at all critical network segments with the capability to inspect and monitor encrypted network traffic; (c) web and email filtering systems such as web-proxy, spam filter and anti-spoofing controls; (d) endpoint protection solution to detect and remove security threats including viruses and malicious software; (e) solution to mitigate advanced persistent threats including zero-day and signatureless malware; and (f) capture the full network packets to rebuild relevant network sessions to aid forensics in the event of incidents. link 27
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-02 15:11:40 add 8e8ca470-d980-4831-99e6-dc70d9f6af87
JSON compare n/a
JSON
api-version=2021-06-01
EPAC