last sync: 2024-Apr-24 17:47:19 UTC

[Preview]: Control the use of Microsoft SQL in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Control the use of Microsoft SQL in a Virtual Enclave
Id: 0fbe78a5-1722-4f1b-83a5-89c14151fa60
Version: 1.0.0-preview
Category: VirtualEnclaves
Description: This initiative deploys Azure policies for Microsoft SQL ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves
Type: BuiltIn
Deprecated: False
Preview: True

Policy count
Total Policies: 23
Builtin Policies: 23
Static Policies: 0
Policies used

Policy DisplayName | Policy Id | Category | Effect | Allowed effects | Roles# | Roles | State
--- | --- | --- | --- | --- | --- | --- | ---
An Azure Active Directory administrator should be provisioned for SQL servers | 1f314764-cb73-4fc9-b863-8eca98ac36e9 | SQL | AuditIfNotExists (Default) | AuditIfNotExists, Disabled | 0 | - | GA
Auditing on SQL server should be enabled | a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 | SQL | AuditIfNotExists (Default) | AuditIfNotExists, Disabled | 0 | - | GA
Azure Defender for SQL should be enabled for unprotected Azure SQL servers | abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 | SQL | AuditIfNotExists (Default) | AuditIfNotExists, Disabled | 0 | - | GA
Azure Defender for SQL should be enabled for unprotected SQL Managed Instances | abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 | SQL | AuditIfNotExists (Default) | AuditIfNotExists, Disabled | 0 | - | GA
Azure SQL Database should be running TLS version 1.2 or newer | 32e6bbec-16b6-44c2-be37-c5b672d103cf | SQL | Audit (Default) | Audit, Disabled, Deny | 0 | - | GA
Azure SQL Database should have Microsoft Entra-only authentication enabled during creation | abda6d70-9778-44e7-84a8-06713e6db027 | SQL | Audit (Default) | Audit, Deny, Disabled | 0 | - | GA
Azure SQL Managed Instances should disable public network access | 9dfea752-dd46-4766-aed1-c355fa93fb91 | SQL | Audit (Default) | Audit, Deny, Disabled | 0 | - | GA
Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation | 78215662-041e-49ed-a9dd-5385911b3a1f | SQL | Audit (Default) | Audit, Deny, Disabled | 0 | - | GA
Configure Azure Defender to be enabled on SQL managed instances | c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd | SQL | DeployIfNotExists (Default) | DeployIfNotExists, Disabled | 1 | SQL Security Manager | GA
Configure Azure Defender to be enabled on SQL servers | 36d49e87-48c4-4f2e-beed-ba4ed02b71f5 | SQL | DeployIfNotExists (Fixed) | n/a (fixed effect) | 1 | SQL Security Manager | GA
Configure Azure SQL Server to disable public network access | 28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b | SQL | Modify (Default) | Modify, Disabled | 1 | SQL Server Contributor | GA
Deploy SQL DB transparent data encryption | 86a912f6-9a06-4e26-b447-11b16ba8659f | SQL | DeployIfNotExists (Default) | DeployIfNotExists, Disabled | 1 | SQL DB Contributor | GA
Private endpoint connections on Azure SQL Database should be enabled | 7698e800-9299-47a6-b3b6-5a0fee576eed | SQL | Audit (Default) | Audit, Disabled | 0 | - | GA
Public network access on Azure SQL Database should be disabled | 1b8ca024-1d5c-4dec-8995-b1a932b41780 | SQL | Audit (Default) | Audit, Deny, Disabled | 0 | - | GA
SQL databases should have vulnerability findings resolved | feedbf84-6b99-488c-acc2-71c829aa5ffc | Security Center | AuditIfNotExists (Default) | AuditIfNotExists, Disabled | 0 | - | GA
SQL Managed Instance should have the minimal TLS version of 1.2 | a8793640-60f7-487c-b5c3-1d37215905c4 | SQL | Audit (Default) | Audit, Disabled | 0 | - | GA
SQL managed instances should use customer-managed keys to encrypt data at rest | ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 | SQL | Audit (Default) | Audit, Deny, Disabled | 0 | - | GA
SQL Server should use a virtual network service endpoint | ae5d2f14-d830-42b6-9899-df6cfe9c71a3 | Network | AuditIfNotExists (Default) | AuditIfNotExists, Disabled | 0 | - | GA
SQL servers should use customer-managed keys to encrypt data at rest | 0a370ff3-6cab-4e85-8995-295fd854c5b8 | SQL | Audit (Default) | Audit, Deny, Disabled | 0 | - | GA
SQL servers with auditing to storage account destination should be configured with 90 days retention or higher | 89099bee-89e0-4b26-a5f4-165451757743 | SQL | AuditIfNotExists (Default) | AuditIfNotExists, Disabled | 0 | - | GA
Transparent Data Encryption on SQL databases should be enabled | 17k78e20-9358-41c9-923c-fb736d382a12 | SQL | AuditIfNotExists (Default) | AuditIfNotExists, Disabled | 0 | - | GA
Vulnerability assessment should be enabled on SQL Managed Instance | 1b7aa243-30e4-4c9e-bca8-d0d3022b634a | SQL | AuditIfNotExists (Default) | AuditIfNotExists, Disabled | 0 | - | GA
Vulnerability assessment should be enabled on your SQL servers | ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 | SQL | AuditIfNotExists (Default) | AuditIfNotExists, Disabled | 0 | - | GA
Roles used
Total Roles usage: 4
Total Roles unique usage: 3

Role | Role Id | Policies count | Policies
--- | --- | --- | ---
SQL DB Contributor | 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec | 1 | Deploy SQL DB transparent data encryption
SQL Security Manager | 056cd41c-7e88-42e1-933e-88ba6a50c9c3 | 2 | Configure Azure Defender to be enabled on SQL managed instances; Configure Azure Defender to be enabled on SQL servers
SQL Server Contributor | 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 | 1 | Configure Azure SQL Server to disable public network access
History

Date/Time (UTC, ymd) | Changes
--- | ---
2024-01-17 19:06:27 | add Initiative 0fbe78a5-1722-4f1b-83a5-89c14151fa60