last sync: 2021-Jul-08 14:19:52 UTC

Azure Policy Initiative

[Preview]: Configure Azure Defender for SQL agents on virtual machines

Name[Preview]: Configure Azure Defender for SQL agents on virtual machines
Azure Portal
Id39a366e6-fdde-4f41-bbf8-3757f46d1611
Version1.0.0-preview
details on versioning
CategoryMonitoring
Microsoft docs
DescriptionConfigure virtual machines to automatically install the Azure Defender for SQL agents where the Azure Monitor Agent is installed. Security Center collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Creates a resource group and Log Analytics workspace in the same region as the machine. This policy only applies to VMs in a few regions.
TypeBuiltIn
DeprecatedFalse
PreviewTrue
History
Date/Time (UTC ymd) (i) Changes
2021-06-02 22:44:53 add Initiative 39a366e6-fdde-4f41-bbf8-3757f46d1611
Policy count Total Policies: 1
Builtin Policies: 1
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect State
[Preview]: Configure Azure Defender for SQL agent on virtual machine 2ada9901-073c-444a-9a9a-91865174f0aa Security Center Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Preview
JSON
{
  "properties": {
  "displayName": "[Preview]: Configure Azure Defender for SQL agents on virtual machines",
    "policyType": "BuiltIn",
    "description": "Configure virtual machines to automatically install the Azure Defender for SQL agents where the Azure Monitor Agent is installed. Security Center collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Creates a resource group and Log Analytics workspace in the same region as the machine. This policy only applies to VMs in a few regions.",
    "metadata": {
      "category": "Monitoring",
      "version": "1.0.0-preview",
      "preview": true
    },
    "parameters": {
      "enableCollectionOfSqlQueriesForSecurityResearch": {
        "type": "Boolean",
        "metadata": {
          "displayName": "Enable collection of SQL queries for security research",
          "description": "Enable or disable the collection of SQL queries for security research."
        },
        "allowedValues": [
          true,
          false
        ],
        "defaultValue": true
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the initiative."
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "ASC_DeployAzureDefenderForSqlAdvancedThreatProtectionWindowsAgent",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2ada9901-073c-444a-9a9a-91865174f0aa",
        "parameters": {
          "enableCollectionOfSqlQueriesForSecurityResearch": {
          "value": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
          },
          "azureDefenderForSqlExtensionTypeToInstall": {
            "value": "AdvancedThreatProtection.Windows"
          },
          "effect": {
          "value": "[parameters('effect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "ASC_DeployAzureDefenderForSqlVulnerabilityAssessmentWindowsAgent",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2ada9901-073c-444a-9a9a-91865174f0aa",
        "parameters": {
          "enableCollectionOfSqlQueriesForSecurityResearch": {
          "value": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
          },
          "azureDefenderForSqlExtensionTypeToInstall": {
            "value": "VulnerabilityAssessment.Windows"
          },
          "effect": {
          "value": "[parameters('effect')]"
          }
        }
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/39a366e6-fdde-4f41-bbf8-3757f46d1611",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "39a366e6-fdde-4f41-bbf8-3757f46d1611"
}