last sync: 2021-Oct-15 16:53:12 UTC

Azure Policy definition

Configure Arc-enabled machines running SQL Server to have SQL Server extension installed.

Name Configure Arc-enabled machines running SQL Server to have SQL Server extension installed.
Id fd2d1a6e-6d95-4df2-ad00-504bf0273406
Version 2.0.0
Category SQL
Description To ensure that SQL Server - Azure Arc resources are created by default when a SQL Server instance is found on an Azure Arc-enabled Windows server, the server should have the SQL Server extension installed, and the server's managed identity should be assigned the Azure Connected SQL Server Onboarding role.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
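Used RBAC Roles (the `roleDefinitionIds` listed in the policy rule, i.e. the roles the policy assignment's managed identity needs to run the DeployIfNotExists remediation; User Access Administrator is a high-privilege role, presumably required because the deployment template creates a role assignment, so the policy assignment's scope determines how far that privilege reaches)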
Role Name Role Id
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293
User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-09-27 15:52:17 change Major (1.0.1 > 2.0.0)
2021-09-08 15:39:57 change Patch (1.0.0 > 1.0.1) *changes on text case sensitivity are not tracked
2021-08-09 19:32:42 add fd2d1a6e-6d95-4df2-ad00-504bf0273406
Used in Initiatives none

JSON
{
  "displayName": "Configure Arc-enabled machines running SQL Server to have SQL Server extension installed.",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "To ensure that SQL Server - Azure Arc resources are created by default when SQL Server instance is found on Azure Arc enabled windows server, the latter should have SQL Server extension installed and the server's managed identity should be configured with Azure Connected SQL Server Onboarding role",
  "metadata": {
    "version": "2.0.0",
    "category": "SQL"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "DeployIfNotExists",
        "Disabled"
      ],
      "defaultValue": "DeployIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.HybridCompute/machines"
        },
        {
          "field": "Microsoft.HybridCompute/imageOffer",
          "like": "windows*"
        },
        {
          "field": "Microsoft.HybridCompute/machines/mssqlDiscovered",
          "equals": "true"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.HybridCompute/machines/extensions",
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
          "/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9"
        ],
        "existenceCondition": {
          "allOf": [
            {
              "field": "Microsoft.HybridCompute/machines/extensions/type",
              "equals": "WindowsAgent.SqlServer"
            },
            {
              "field": "Microsoft.HybridCompute/machines/extensions/publisher",
              "equals": "Microsoft.AzureData"
            },
            {
              "field": "Microsoft.HybridCompute/machines/extensions/provisioningState",
              "equals": "Succeeded"
            }
          ]
        },
        "deployment": {
          "properties": {
            "mode": "incremental",
            "template": {
              "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "vmName": {
                  "type": "string"
                },
                "location": {
                  "type": "string"
                }
              },
              "variables": {
                "vmExtensionName": "WindowsAgent.SqlServer",
                "vmExtensionPublisher": "Microsoft.AzureData",
                "vmExtensionType": "WindowsAgent.SqlServer"
              },
              "resources": [
                {
                  "type": "Microsoft.Authorization/roleAssignments",
                  "apiVersion": "2018-09-01-preview",
                  "name": "[guid(resourceGroup().id, parameters('vmName'), deployment().name)]",
                  "properties": {
                    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/e8113dcec5294d3391fae9b972617508",
                    "principalId": "[reference(resourceId('Microsoft.HybridCompute/machines', parameters('vmName')), '2021-06-10-preview', 'Full').identity.principalId]"
                  }
                },
                {
                  "name": "[concat(parameters('vmName'), '/', variables('vmExtensionName'))]",
                  "type": "Microsoft.HybridCompute/machines/extensions",
                  "location": "[parameters('location')]",
                  "apiVersion": "2019-12-12",
                  "properties": {
                    "publisher": "[variables('vmExtensionPublisher')]",
                    "type": "[variables('vmExtensionType')]",
                    "settings": {
                      "SqlManagement": {
                        "IsEnabled": true
                      },
                      "ExcludedInstances": []
                    }
                  }
                }
              ],
              "outputs": {
                "policy": {
                  "type": "string",
                  "value": "[concat('Enabled extension for VM', ': ', parameters('vmName'))]"
                }
              }
            },
            "parameters": {
              "vmName": {
                "value": "[field('name')]"
              },
              "location": {
                "value": "[field('location')]"
              }
            }
          }
        }
      }
    }
  }
}