last sync: 2024-Jul-16 18:17:33 UTC

Azure SQL Database should have Microsoft Entra-only authentication enabled during creation

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Azure SQL Database should have Microsoft Entra-only authentication enabled during creation
Id: abda6d70-9778-44e7-84a8-06713e6db027
Version: 1.2.0
Category: SQL
Description: Require Azure SQL logical servers to be created with Microsoft Entra-only authentication. This policy doesn't block local authentication from being re-enabled on resources after create. Consider using the 'Microsoft Entra-only authentication' initiative instead to require both. Learn more at:
Mode: Indexed
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Default; Audit, Deny, Disabled
RBAC role(s): none
Rule aliases IF (1)
Alias: Microsoft.Sql/servers/administrators.azureADOnlyAuthentication
Namespace: Microsoft.Sql
ResourceType: servers
Path: properties.administrators.azureADOnlyAuthentication
PathIsDefault: True
DefaultPath: (none)
Modifiable: False
Rule resource types IF (1)
The following 1 compliance control is associated with this Policy definition 'Azure SQL Database should have Microsoft Entra-only authentication enabled during creation' (abda6d70-9778-44e7-84a8-06713e6db027):
Control Domain: Azure_Security_Benchmark_v3.0
Control Name: IM-1
MetadataId: Azure_Security_Benchmark_v3.0_IM-1
Category: Microsoft cloud security benchmark
Title: IM-1 Identity Management: Use centralized identity and authentication system
Owner: Shared
Requirements:
**Security Principle:** Use a centralized identity and authentication system to govern your organization's identities and authentications for cloud and non-cloud resources.
**Azure Guidance:** Microsoft Entra ID is Azure's identity and authentication management service. You should standardize on Microsoft Entra ID to govern your organization's identity and authentication in:
- Microsoft cloud resources, such as the Azure Storage, Azure Virtual Machines (Linux and Windows), Azure Key Vault, PaaS, and SaaS applications.
- Your organization's resources, such as applications on Azure, third-party applications running on your corporate network resources, and third-party SaaS applications.
- Your enterprise identities in Active Directory by synchronization to Microsoft Entra ID to ensure a consistent and centrally managed identity strategy.
Note: As soon as it is technically feasible, you should migrate on-premises Active Directory based applications to Microsoft Entra ID. This could be a Microsoft Entra Enterprise Directory, Business to Business configuration, or Business to consumer configuration.
**Implementation and additional context:** Tenancy in Microsoft Entra ID; How to create and configure a Microsoft Entra instance; Define Microsoft Entra ID tenants; Use external identity providers for an application.
Info: n/a
Policy#: 15
Initiatives usage (Initiative DisplayName, Initiative Id, Initiative Category, State, Type):
- [Preview]: Control the use of Microsoft SQL in a Virtual Enclave; Id: 0fbe78a5-1722-4f1b-83a5-89c14151fa60; Category: VirtualEnclaves; State: Preview; Type: BuiltIn
- Azure SQL Database should have Microsoft Entra-only authentication; Id: a55e4a7e-1b9c-43ef-b4b3-642f303804d6; Category: SQL; State: GA; Type: BuiltIn
- Enforce recommended guardrails for SQL and SQL Managed Instance; Id: Enforce-Guardrails-SQL; Category: SQL; State: GA; Type: ALZ
- Microsoft cloud security benchmark; Id: 1f3afdf9-d0c9-4c3d-847f-89da613e70a8; Category: Security Center; State: GA; Type: BuiltIn
Change history (Date/Time in UTC, ymd; Change type; Change detail):
- 2024-01-24 19:15:51; change; Minor (1.1.0 > 1.2.0)
- 2023-10-31 19:02:40; change; Minor (1.0.0 > 1.1.0)
- 2021-08-13 17:07:49; add; abda6d70-9778-44e7-84a8-06713e6db027