last sync: 2025-Feb-18 18:37:02 UTC

Enforce recommended guardrails for SQL and SQL Managed Instance

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository: Azure Landing Zones (ALZ) GitHub
JSON: Enforce-Guardrails-SQL
Display name: Enforce recommended guardrails for SQL and SQL Managed Instance
Id: Enforce-Guardrails-SQL
Version: 1.1.0
Category: SQL
Description: This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.
Cloud environments: AzureChinaCloud, AzureCloud, AzureUSGovernment
Type: Custom Azure Landing Zones (ALZ)
Deprecated: False
Preview: False
Policy count: Total Policies: 5; Builtin Policies: 5; Static Policies: 0; ALZ Policies: 0
Policy used
| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State | Type | policy in AzUSGov |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Azure SQL Database should have Microsoft Entra-only authentication enabled during creation | abda6d70-9778-44e7-84a8-06713e6db027 | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn | true |
| Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation | 78215662-041e-49ed-a9dd-5385911b3a1f | SQL | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn | true |
| Configure Azure Defender to be enabled on SQL managed instances | c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd | SQL | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | SQL Security Manager | GA | BuiltIn | true |
| Configure Azure SQL Server to disable public network access | 28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b | SQL | Default: Modify; Allowed: Modify, Disabled | 1 | SQL Server Contributor | GA | BuiltIn | true |
| Deploy Advanced Data Security on SQL servers | 6134c3db-786f-471e-87bc-8f479dc890f6 | SQL | Fixed: DeployIfNotExists | 2 | SQL Security Manager, Storage Account Contributor | GA | BuiltIn | unknown |
Roles used
History: none
JSON compare: n/a