[Deprecated]: Deploy SQL Database built-in SQL security configuration

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Policy types

Policy states

Policy categories

Total Policies: 4
Builtin Policies: 1
Static Policies: 0
ALZ Policies: 3

Deprecated: 1
GA: 3

1 categories:

SQL: 4

Rows: 1-4 / 4

Records:

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Page of 1

Policy DisplayName

Policy Id

Category

Effect

Roles#

Roles

State

Type

policy in AzUSGov

[Deprecated]: Deploy SQL Database vulnerability Assessments

Deploy-Sql-vulnerabilityAssessments

SQL

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

Monitoring Contributor, SQL Security Manager, Storage Account Contributor

Deprecated

ALZ

Deploy SQL database auditing settings

Deploy-Sql-AuditingSettings

SQL

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

SQL Security Manager

ALZ

Deploy SQL Database security Alert Policies configuration with email admin accounts

Deploy-Sql-SecurityAlertPolicies

SQL

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

SQL Security Manager

ALZ

Deploy SQL DB transparent data encryption

86a912f6-9a06-4e26-b447-11b16ba8659f

SQL

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

SQL DB Contributor

BuiltIn

true

Role

Role Id

#Policies

Policies

Storage Account Contributor

17d1049b-9a84-46fb-8f53-869881c3d3ab

[Deprecated]: Deploy SQL Database vulnerability Assessments

Monitoring Contributor

749f88d5-cbae-40b8-bcfc-e573ddc772fa

[Deprecated]: Deploy SQL Database vulnerability Assessments

SQL Security Manager

056cd41c-7e88-42e1-933e-88ba6a50c9c3

[Deprecated]: Deploy SQL Database vulnerability Assessments, Deploy SQL database auditing settings, Deploy SQL Database security Alert Policies configuration with email admin accounts

SQL DB Contributor

9b7fa17d-e63e-47b0-bb0a-15c516ac86ec

Deploy SQL DB transparent data encryption

{

policyType: "Custom",
displayName: "[Deprecated]: Deploy SQL Database built-in SQL security configuration",
description: "Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-Sql-Security_20240529.html",
metadata: {6 items
- version: "1.0.0-deprecated",
- category: "SQL",
- source: "https://github.com/Azure/Enterprise-Scale/",
- deprecated: true,
- supersededBy: "Deploy-Sql-Security_20240529",
- alzCloudEnvironments: [3 items
  - "AzureCloud",
  - "AzureChinaCloud",
  - "AzureUSGovernment"
  ]
},
parameters: {6 items
- vulnerabilityAssessmentsEmail: {2 items
  - metadata: {2 items
    - description: "The email address to send alerts",
    - displayName: "The email address to send alerts"
    },
  - type: "String"
  },
- vulnerabilityAssessmentsStorageID: {2 items
  - metadata: {2 items
    - description: "The storage account ID to store assessments",
    - displayName: "The storage account ID to store assessments"
    },
  - type: "String"
  },
- SqlDbTdeDeploySqlSecurityEffect: {4 items
  - type: "String",
  - defaultValue: "DeployIfNotExists",
  - allowedValues: [2 items
    - "DeployIfNotExists",
    - "Disabled"
    ],
  - metadata: {2 items
    - displayName: "Deploy SQL Database Transparent Data Encryption ",
    - description: "Deploy the Transparent Data Encryption when it is not enabled in the deployment"
    }
  },
- SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect: {4 items
  - type: "String",
  - defaultValue: "DeployIfNotExists",
  - allowedValues: [2 items
    - "DeployIfNotExists",
    - "Disabled"
    ],
  - metadata: {2 items
    - displayName: "Deploy SQL Database security Alert Policies configuration with email admin accounts",
    - description: "Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration"
    }
  },
- SqlDbAuditingSettingsDeploySqlSecurityEffect: {4 items
  - type: "String",
  - defaultValue: "DeployIfNotExists",
  - allowedValues: [2 items
    - "DeployIfNotExists",
    - "Disabled"
    ],
  - metadata: {2 items
    - displayName: "Deploy SQL database auditing settings",
    - description: "Deploy auditing settings to SQL Database when it not exist in the deployment"
    }
  },
- SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect: {4 items
  - type: "String",
  - defaultValue: "DeployIfNotExists",
  - allowedValues: [2 items
    - "DeployIfNotExists",
    - "Disabled"
    ],
  - metadata: {2 items
    - displayName: "Deploy SQL Database vulnerability Assessments",
    - description: "Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific storage account in the parameters"
    }
  }
},
policyDefinitions: [4 items
- {4 items
  - policyDefinitionReferenceId: "SqlDbTdeDeploySqlSecurity",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f Deploy SQL DB transparent data encryption ,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('SqlDbTdeDeploySqlSecurityEffect')]"
      }
    },
  - groupNames: []
  },
- {4 items
  - policyDefinitionReferenceId: "SqlDbSecurityAlertPoliciesDeploySqlSecurity",
  - policyDefinitionId: "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies",
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]"
      }
    },
  - groupNames: []
  },
- {4 items
  - policyDefinitionReferenceId: "SqlDbAuditingSettingsDeploySqlSecurity",
  - policyDefinitionId: "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings",
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]"
      }
    },
  - groupNames: []
  },
- {4 items
  - policyDefinitionReferenceId: "SqlDbVulnerabilityAssessmentsDeploySqlSecurity",
  - policyDefinitionId: "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments",
  - parameters: {3 items
    - effect: {1 item
      - value: "[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]"
      },
    - vulnerabilityAssessmentsEmail: {1 item
      - value: "[parameters('vulnerabilityAssessmentsEmail')]"
      },
    - vulnerabilityAssessmentsStorageID: {1 item
      - value: "[parameters('vulnerabilityAssessmentsStorageID')]"
      }
    },
  - groupNames: []
  }
],
policyDefinitionGroups: null

}