last sync: 2024-Jun-24 18:15:26 UTC

SQL Server should use a virtual network service endpoint

Azure BuiltIn Policy definition

Source Azure Portal
Display name SQL Server should use a virtual network service endpoint
Id ae5d2f14-d830-42b6-9899-df6cfe9c71a3
Version 1.0.0
Details on versioning
Category Network
Microsoft Learn
Description This policy audits any SQL Server not configured to use a virtual network service endpoint.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId Microsoft.Sql servers/virtualNetworkRules properties.virtualNetworkSubnetId True False
Rule resource types IF (1)
The following 7 compliance controls are associated with this Policy definition 'SQL Server should use a virtual network service endpoint' (ae5d2f14-d830-42b6-9899-df6cfe9c71a3)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Network Security Protect resources using Network Security Groups or Azure Firewall on your Virtual Network Customer Ensure that all Virtual Network subnet deployments have a Network Security Group applied with network access controls specific to your application's trusted ports and sources. Use Azure Services with Private Link enabled, deploy the service inside your Vnet, or connect privately using Private Endpoints. For service specific requirements, please refer to the security recommendation for that specific service. Alternatively, if you have a specific use case, requirements can be met by implementing Azure Firewall. General Information on Private Link: How to create a Virtual Network: How to create an NSG with a security configuration: How to deploy and configure Azure Firewall: n/a link 21
hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 08 Network Protection 0805.01m1Organizational.12-01.m 01.04 Network Access Control Shared n/a The organization's security gateways (e.g., firewalls) (i) enforce security policies; (ii) are configured to filter traffic between domains; (iii) block unauthorized access; (iv) are used to maintain segregation between internal wired, internal wireless, and external network segments (e.g., the Internet), including DMZs; and, (vi) enforce access control policies for each of the domains. 12
hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 08 Network Protection 0806.01m2Organizational.12356-01.m 01.04 Network Access Control Shared n/a The organization’s network is logically and physically segmented with a defined security perimeter and a graduated set of controls, including subnetworks for publicly accessible system components that are logically separated from the internal network, based on organizational requirements; traffic is controlled based on functionality required and classification of the data/systems based on a risk assessment and their respective security requirements. 13
hipaa 0862.09m2Organizational.8-09.m hipaa-0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 08 Network Protection 0862.09m2Organizational.8-09.m 09.06 Network Security Management Shared n/a The organization ensures information systems protect the confidentiality and integrity of transmitted information, including during preparation for transmission and during reception. 4
hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 08 Network Protection 0894.01m2Organizational.7-01.m 01.04 Network Access Control Shared n/a Networks are segregated from production-level networks when migrating physical servers, applications, or data to virtualized servers. 19
RMiT_v1.0 10.39 RMiT_v1.0_10.39 RMiT 10.39 Network Resilience Network Resilience - 10.39 Shared n/a A financial institution must implement appropriate safeguards to minimise the risk of a system compromise in one entity affecting other entities within the group. Safeguards implemented may include establishing logical network segmentation for the financial institution from other entities within the group. link 3
SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection SWIFT Environment Protection n/a Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. link 30
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Deprecated]: Azure Security Benchmark v1 42a694ed-f65e-42b2-aa9e-8052e9740a92 Regulatory Compliance Deprecated BuiltIn
[Preview]: Control the use of Microsoft SQL in a Virtual Enclave 0fbe78a5-1722-4f1b-83a5-89c14151fa60 VirtualEnclaves Preview BuiltIn
[Preview]: SWIFT CSP-CSCF v2021 abf84fac-f817-a70c-14b5-47eec767458a Regulatory Compliance Preview BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn
Date/Time (UTC ymd) (i) Change type Change detail
2019-10-11 00:02:54 add ae5d2f14-d830-42b6-9899-df6cfe9c71a3
JSON compare n/a