last sync: 2025-Apr-29 17:15:47 UTC

[Preview]: Control the use of Microsoft SQL in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Control the use of Microsoft SQL in a Virtual Enclave
Id: 0fbe78a5-1722-4f1b-83a5-89c14151fa60
Version: 1.0.0-preview
Versioning: Versions supported for Versioning: 1 (1.0.0-preview); Built-in Versioning [Preview]
Category: VirtualEnclaves
Description: This initiative deploys Azure policies for Microsoft SQL ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves
Cloud environments: AzureCloud = true; AzureChinaCloud = unknown; AzureUSGovernment = true
Available in AzUSGov: The PolicySet is available in AzureUSGovernment cloud. Version: '1.0.0-preview'
Repository: Azure-Policy 0fbe78a5-1722-4f1b-83a5-89c14151fa60
Type: BuiltIn
Deprecated: False
Preview: True
Policy-used summary
Policy types: Total Policies: 23; Builtin Policies: 23; Static Policies: 0
Policy states: GA: 24
Policy categories (3): Network: 1; Security Center: 1; SQL: 22
Policy-used
Columns per policy: Policy DisplayName; Policy Id; Category; Version; Versioning (number of versions, list); Effect (Default, Allowed); Roles (count, names); State; policy in AzUSGov

An Azure Active Directory administrator should be provisioned for SQL servers
  Policy Id: 1f314764-cb73-4fc9-b863-8eca98ac36e9; Category: SQL; Version: 1.0.0; Versioning: 1x (1.0.0)
  Effect: Default = AuditIfNotExists; Allowed = AuditIfNotExists, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

Auditing on SQL server should be enabled
  Policy Id: a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9; Category: SQL; Version: 2.0.0; Versioning: 1x (2.0.0)
  Effect: Default = AuditIfNotExists; Allowed = AuditIfNotExists, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

Azure Defender for SQL should be enabled for unprotected Azure SQL servers
  Policy Id: abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9; Category: SQL; Version: 2.0.1; Versioning: 1x (2.0.1)
  Effect: Default = AuditIfNotExists; Allowed = AuditIfNotExists, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

Azure Defender for SQL should be enabled for unprotected SQL Managed Instances
  Policy Id: abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9; Category: SQL; Version: 1.0.2; Versioning: 1x (1.0.2)
  Effect: Default = AuditIfNotExists; Allowed = AuditIfNotExists, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

Azure SQL Database should be running TLS version 1.2 or newer
  Policy Id: 32e6bbec-16b6-44c2-be37-c5b672d103cf; Category: SQL; Version: 2.0.0; Versioning: 1x (2.0.0)
  Effect: Default = Audit; Allowed = Audit, Disabled, Deny
  Roles: 0; State: GA; policy in AzUSGov: true

Azure SQL Database should have Microsoft Entra-only authentication enabled during creation
  Policy Id: abda6d70-9778-44e7-84a8-06713e6db027; Category: SQL; Version: 1.2.0; Versioning: 2x (1.2.0, 1.1.0)
  Effect: Default = Audit; Allowed = Audit, Deny, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

Azure SQL Managed Instances should disable public network access
  Policy Id: 9dfea752-dd46-4766-aed1-c355fa93fb91; Category: SQL; Version: 1.0.0; Versioning: 1x (1.0.0)
  Effect: Default = Audit; Allowed = Audit, Deny, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation
  Policy Id: 78215662-041e-49ed-a9dd-5385911b3a1f; Category: SQL; Version: 1.2.0; Versioning: 2x (1.2.0, 1.1.0)
  Effect: Default = Audit; Allowed = Audit, Deny, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

Configure Azure Defender to be enabled on SQL managed instances
  Policy Id: c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd; Category: SQL; Version: 2.0.0; Versioning: 1x (2.0.0)
  Effect: Default = DeployIfNotExists; Allowed = DeployIfNotExists, Disabled
  Roles: 1 (SQL Security Manager); State: GA; policy in AzUSGov: true

Configure Azure Defender to be enabled on SQL servers
  Policy Id: 36d49e87-48c4-4f2e-beed-ba4ed02b71f5; Category: SQL; Version: 2.1.0; Versioning: 1x (2.1.0)
  Effect: Fixed = DeployIfNotExists
  Roles: 1 (SQL Security Manager); State: GA; policy in AzUSGov: true

Configure Azure SQL Server to disable public network access
  Policy Id: 28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b; Category: SQL; Version: 1.0.0; Versioning: 1x (1.0.0)
  Effect: Default = Modify; Allowed = Modify, Disabled
  Roles: 1 (SQL Server Contributor); State: GA; policy in AzUSGov: true

Deploy SQL DB transparent data encryption
  Policy Id: 86a912f6-9a06-4e26-b447-11b16ba8659f; Category: SQL; Version: 2.2.0; Versioning: 1x (2.2.0)
  Effect: Default = DeployIfNotExists; Allowed = DeployIfNotExists, Disabled
  Roles: 1 (SQL DB Contributor); State: GA; policy in AzUSGov: true

Private endpoint connections on Azure SQL Database should be enabled
  Policy Id: 7698e800-9299-47a6-b3b6-5a0fee576eed; Category: SQL; Version: 1.1.0; Versioning: 1x (1.1.0)
  Effect: Default = Audit; Allowed = Audit, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

Public network access on Azure SQL Database should be disabled
  Policy Id: 1b8ca024-1d5c-4dec-8995-b1a932b41780; Category: SQL; Version: 1.1.0; Versioning: 1x (1.1.0)
  Effect: Default = Audit; Allowed = Audit, Deny, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

SQL databases should have vulnerability findings resolved
  Policy Id: feedbf84-6b99-488c-acc2-71c829aa5ffc; Category: Security Center; Version: 4.1.0; Versioning: 1x (4.1.0)
  Effect: Default = AuditIfNotExists; Allowed = AuditIfNotExists, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

SQL Managed Instance should have the minimal TLS version of 1.2
  Policy Id: a8793640-60f7-487c-b5c3-1d37215905c4; Category: SQL; Version: 1.0.1; Versioning: 1x (1.0.1)
  Effect: Default = Audit; Allowed = Audit, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

SQL managed instances should use customer-managed keys to encrypt data at rest
  Policy Id: ac01ad65-10e5-46df-bdd9-6b0cad13e1d2; Category: SQL; Version: 2.0.0; Versioning: 1x (2.0.0)
  Effect: Default = Audit; Allowed = Audit, Deny, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

SQL Server should use a virtual network service endpoint
  Policy Id: ae5d2f14-d830-42b6-9899-df6cfe9c71a3; Category: Network; Version: 1.0.0; Versioning: 1x (1.0.0)
  Effect: Default = AuditIfNotExists; Allowed = AuditIfNotExists, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

SQL servers should use customer-managed keys to encrypt data at rest
  Policy Id: 0a370ff3-6cab-4e85-8995-295fd854c5b8; Category: SQL; Version: 2.0.1; Versioning: 1x (2.0.1)
  Effect: Default = Audit; Allowed = Audit, Deny, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

SQL servers with auditing to storage account destination should be configured with 90 days retention or higher
  Policy Id: 89099bee-89e0-4b26-a5f4-165451757743; Category: SQL; Version: 3.0.0; Versioning: 1x (3.0.0)
  Effect: Default = AuditIfNotExists; Allowed = AuditIfNotExists, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

Transparent Data Encryption on SQL databases should be enabled
  Policy Id: 17k78e20-9358-41c9-923c-fb736d382a12; Category: SQL; Version: 2.0.0; Versioning: 1x (2.0.0)
  Effect: Default = AuditIfNotExists; Allowed = AuditIfNotExists, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

Vulnerability assessment should be enabled on SQL Managed Instance
  Policy Id: 1b7aa243-30e4-4c9e-bca8-d0d3022b634a; Category: SQL; Version: 1.0.1; Versioning: 1x (1.0.1)
  Effect: Default = AuditIfNotExists; Allowed = AuditIfNotExists, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true

Vulnerability assessment should be enabled on your SQL servers
  Policy Id: ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9; Category: SQL; Version: 3.0.0; Versioning: 1x (3.0.0)
  Effect: Default = AuditIfNotExists; Allowed = AuditIfNotExists, Disabled
  Roles: 0; State: GA; policy in AzUSGov: true
Roles used
Total Roles usage: 4; Total Roles unique usage: 3
Columns per role: Role; Role Id; #Policies; Policies

SQL Security Manager
  Role Id: 056cd41c-7e88-42e1-933e-88ba6a50c9c3; #Policies: 2
  Policies: Configure Azure Defender to be enabled on SQL managed instances; Configure Azure Defender to be enabled on SQL servers

SQL Server Contributor
  Role Id: 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437; #Policies: 1
  Policies: Configure Azure SQL Server to disable public network access

SQL DB Contributor
  Role Id: 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec; #Policies: 1
  Policies: Deploy SQL DB transparent data encryption
History
Date/Time (UTC ymd); Changes
2024-01-17 19:06:27; add Initiative 0fbe78a5-1722-4f1b-83a5-89c14151fa60