last sync: 2021-May-14 16:08:20 UTC

Azure Policy definition

[Preview]: Sensitive data in your SQL databases should be classified

Name [Preview]: Sensitive data in your SQL databases should be classified
Id cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349
Version 3.0.0-preview
Category Security Center
Description Azure Security Center monitors the data discovery and classification scan results for your SQL databases and provides recommendations to classify the sensitive data in your databases for better monitoring and security
Mode Indexed
Type BuiltIn
Preview True
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History
| Date/Time (UTC ymd) | Change type | Change detail |
|---|---|---|
| 2021-01-05 16:06:49 | change | Major, suffix remains equal (2.0.0-preview > 3.0.0-preview) |
Used in Initiatives
| Initiative DisplayName | Initiative Id | Initiative Category | State |
|---|---|---|---|
| [Deprecated]: Azure Security Benchmark v1 | 42a694ed-f65e-42b2-aa9e-8052e9740a92 | Regulatory Compliance | Deprecated |
| [Deprecated]: Azure Security Benchmark v2 | bb522ac1-bc39-4957-b194-429bcd3bcb0b | Regulatory Compliance | Deprecated |
| Azure Security Benchmark | 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | Security Center | GA |

JSON
{
  "properties": {
    "displayName": "[Preview]: Sensitive data in your SQL databases should be classified",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Azure Security Center monitors the data discovery and classification scan results for your SQL databases and provides recommendations to classify the sensitive data in your databases for better monitoring and security",
    "metadata": {
      "version": "3.0.0-preview",
      "category": "Security Center",
      "preview": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "[Preview]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "in": [
          "Microsoft.Sql/servers/databases",
          "Microsoft.Sql/managedInstances/databases"
        ]
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/assessments",
          "name": "b0df6f56-862d-4730-8597-38c0fd4ebd59",
          "existenceCondition": {
            "field": "Microsoft.Security/assessments/status.code",
            "in": [
              "NotApplicable",
              "Healthy"
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349"
}