AzInitiativeAdvertizer

last sync: 2024-Jul-26 18:18:00 UTC

[Preview]: Control the use of PostgreSql in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source

Azure Portal

Display name

[Preview]: Control the use of PostgreSql in a Virtual Enclave

5eaa16b4-81f2-4354-aef3-2d77288e396e

Version

1.0.0-preview
Details on versioning

Category

VirtualEnclaves
Microsoft Learn

Description

This initiative deploys Azure policies for PostgreSql ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves

Type

BuiltIn

Deprecated

False

Preview

True

Policy count

Total Policies: 10
Builtin Policies: 10
Static Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	Roles#	Roles	State
Configure Advanced Threat Protection to be enabled on Azure database for PostgreSQL servers	db048e65-913c-49f9-bb5f-1084184671d3	SQL	Default DeployIfNotExists Allowed DeployIfNotExists, Disabled	1	Contributor	GA
Connection throttling should be enabled for PostgreSQL database servers	5345bb39-67dc-4960-a1bf-427e16b9a0bd	SQL	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Disconnections should be logged for PostgreSQL database servers.	eb6f77b9-bd53-4e35-a23d-7f65d5f0e446	SQL	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Enforce SSL connection should be enabled for PostgreSQL database servers	d158790f-bfb0-486c-8631-2dc6b4e8e6af	SQL	Default Audit Allowed Audit, Disabled	0		GA
Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers	24fba194-95d6-48c0-aea7-f65bf859c598	SQL	Default Audit Allowed Audit, Deny, Disabled	0		GA
Log checkpoints should be enabled for PostgreSQL database servers	eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d	SQL	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Log connections should be enabled for PostgreSQL database servers	eb6f77b9-bd53-4e35-a23d-7f65d5f0e442	SQL	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Log duration should be enabled for PostgreSQL database servers	eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3	SQL	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
PostgreSQL servers should use customer-managed keys to encrypt data at rest	18adea5e-f416-4d0f-8aa8-d24321e3e274	SQL	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Public network access should be disabled for PostgreSQL servers	b52376f7-9612-48a1-81cd-1ffe4b61032c	SQL	Default Audit Allowed Audit, Deny, Disabled	0		GA

Roles used

Total Roles usage: 1
Total Roles unique usage: 1

Role	Role Id	Policies count	Policies
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c	1	Configure Advanced Threat Protection to be enabled on Azure database for PostgreSQL servers

History

Date/Time (UTC ymd) (i)	Changes
2024-01-17 19:06:27	add Initiative 5eaa16b4-81f2-4354-aef3-2d77288e396e

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC