AzInitiativeAdvertizer

last sync: 2025-Apr-29 17:15:47 UTC

Deploy SQL Database built-in SQL security configuration

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deploy-Sql-Security_20240529
Display nameDeploy SQL Database built-in SQL security configuration
IdDeploy-Sql-Security_20240529
Version1.1.0
Details on versioning
CategorySQL
DescriptionDeploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment
Cloud environments AzureChinaCloud
AzureCloud
AzureUSGovernment
TypeCustom Azure Landing Zones (ALZ)
DeprecatedFalse
PreviewFalse
Replaces PolicySet This ALZ PolicySet definition replaces [Deprecated]: Deploy SQL Database built-in SQL security configuration (Deploy-Sql-Security)
More information on Azure Landing Zones deprecated Policy and PolicySet definitions
Policy-used summary
Policy types Policy states Policy categories
Total Policies: 4
Builtin Policies: 1
Static Policies: 0
ALZ Policies: 3
GA: 4
1 categories:
SQL: 4
Policy-used
Policy DisplayName Policy Id Category Effect Roles# Roles State Type policy in AzUSGov
Deploy SQL database auditing settings Deploy-Sql-AuditingSettings SQL Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 SQL Security Manager GA ALZ
Deploy SQL Database security Alert Policies configuration with email admin accounts Deploy-Sql-SecurityAlertPolicies SQL Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 SQL Security Manager GA ALZ
Deploy SQL Database Vulnerability Assessments Deploy-Sql-vulnerabilityAssessments_20230706 SQL Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 3 Monitoring Contributor, SQL Security Manager, Storage Account Contributor GA ALZ
Deploy SQL DB transparent data encryption 86a912f6-9a06-4e26-b447-11b16ba8659f SQL Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 SQL DB Contributor GA BuiltIn true
Roles used
History none
JSON compare n/a
JSON
EPAC