last sync: 2021-Oct-15 16:53:12 UTC

Azure Policy definition

Configure Azure Defender to be enabled on SQL managed instances

Name Configure Azure Defender to be enabled on SQL managed instances
Azure Portal
Id c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd
Version 2.0.0
details on versioning
Category SQL
Microsoft docs
Description Enable Azure Defender on your Azure SQL Managed Instances to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Used RBAC Role
Role Name Role Id
SQL Security Manager 056cd41c-7e88-42e1-933e-88ba6a50c9c3
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-08-23 14:26:16 change Major (1.0.0 > 2.0.0)
2021-07-30 15:17:20 add c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances 9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97 Security Center GA
JSON Changes

JSON
{
  "displayName": "Configure Azure Defender to be enabled on SQL managed instances",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Enable Azure Defender on your Azure SQL Managed Instances to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases.",
  "metadata": {
    "version": "2.0.0",
    "category": "SQL"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "DeployIfNotExists",
        "Disabled"
      ],
      "defaultValue": "DeployIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "field": "type",
      "equals": "Microsoft.Sql/managedInstances"
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Sql/managedInstances/securityAlertPolicies",
        "name": "Default",
        "evaluationDelay": "AfterProvisioning",
        "existenceCondition": {
          "field": "Microsoft.Sql/managedInstances/securityAlertPolicies/state",
          "equals": "Enabled"
        },
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"
        ],
        "deployment": {
          "properties": {
            "mode": "incremental",
            "template": {
              "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "instanceName": {
                  "type": "string"
                }
              },
              "variables": {},
              "resources": [
                {
                  "name": "[concat(parameters('instanceName'), '/Default')]",
                  "type": "Microsoft.Sql/managedInstances/securityAlertPolicies",
                  "apiVersion": "2020-11-01-preview",
                  "properties": {
                    "state": "Enabled"
                  }
                }
              ]
            },
            "parameters": {
              "instanceName": {
                "value": "[field('name')]"
              }
            }
          }
        }
      }
    }
  }
}