last sync: 2025-Apr-29 17:15:47 UTC

Enforce recommended guardrails for SQL and SQL Managed Instance

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source: Repository Azure Landing Zones (ALZ) GitHub; JSON Enforce-Guardrails-SQL
Display name: Enforce recommended guardrails for SQL and SQL Managed Instance
Id: Enforce-Guardrails-SQL
Version: 1.1.0
Category: SQL
Description: This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.
Cloud environments: AzureChinaCloud, AzureCloud, AzureUSGovernment
Type: Custom Azure Landing Zones (ALZ)
Deprecated: False
Preview: False
Policy-used summary
Policy types: Total Policies: 5; Builtin Policies: 5; Static Policies: 0; ALZ Policies: 0
Policy states: GA: 5
Policy categories: 1 categories: SQL: 5
Policy-used
| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State | Type | policy in AzUSGov |
|---|---|---|---|---|---|---|---|---|
| Azure SQL Database should have Microsoft Entra-only authentication enabled during creation | abda6d70-9778-44e7-84a8-06713e6db027 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn | true |
| Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation | 78215662-041e-49ed-a9dd-5385911b3a1f | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn | true |
| Configure Azure Defender to be enabled on SQL managed instances | c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd | SQL | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | SQL Security Manager | GA | BuiltIn | true |
| Configure Azure SQL Server to disable public network access | 28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b | SQL | Default: Modify; Allowed: Modify, Disabled | 1 | SQL Server Contributor | GA | BuiltIn | true |
| Deploy Advanced Data Security on SQL servers | 6134c3db-786f-471e-87bc-8f479dc890f6 | SQL | Fixed: DeployIfNotExists | 2 | SQL Security Manager, Storage Account Contributor | GA | BuiltIn | unknown |
History: none
JSON compare: n/a