last sync: 2020-Sep-28 14:58:36 UTC

Azure Policy

Enforce SSL connection should be enabled for MySQL database servers

Policy DisplayName Enforce SSL connection should be enabled for MySQL database servers
Policy Id e802a67a-daf5-4436-9ea6-f6d821dd0c5d
Policy Category SQL
Policy Description This policy audits any MySQL server that is not enforcing SSL connection. Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: Audit
Allowed: (Audit,Disabled)
Roles used none
Policy Changes no changes
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
CIS Microsoft Azure Foundations Benchmark 1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d
[Preview]: Azure Security Benchmark 42a694ed-f65e-42b2-aa9e-8052e9740a92
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab
Policy Rule
{
  "properties": {
    "displayName": "Enforce SSL connection should be enabled for MySQL database servers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy audits any MySQL server that is not enforcing SSL connection. Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application.",
    "metadata": {
      "version": "1.0.0",
      "category": "SQL"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DBforMySQL/servers"
          },
          {
            "field": "Microsoft.DBforMySQL/servers/sslEnforcement",
            "exists": "true"
          },
          {
            "field": "Microsoft.DBforMySQL/servers/sslEnforcement",
            "notEquals": "Enabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "e802a67a-daf5-4436-9ea6-f6d821dd0c5d"
}