AzInitiativeAdvertizer

last sync: 2025-Apr-29 17:15:47 UTC

Configure SQL VMs and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LA workspace

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display nameConfigure SQL VMs and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LA workspace
Idde01d381-bae9-4670-8870-786f89f49e26
Version1.2.0
Details on versioning
Versioning Versions supported for Versioning: 3
1.2.0
1.1.1
1.1.0-preview
Built-in Versioning [Preview]
CategorySecurity Center
Microsoft Learn
DescriptionMicrosoft Defender for SQL collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Creates a resource group and a Data Collection Rule in the same region as the user-defined Log Analytics workspace.
Cloud environmentsAzureCloud = true
AzureChinaCloud = unknown
AzureUSGovernment = true
Available in AzUSGovThe PolicySet is available in AzureUSGovernment cloud. Version: '1.2.0'
Repository: Azure-Policy de01d381-bae9-4670-8870-786f89f49e26
TypeBuiltIn
DeprecatedFalse
PreviewFalse
Policy-used summary
Policy types Policy states Policy categories
Total Policies: 8
Builtin Policies: 8
Static Policies: 0
GA: 8
1 categories:
Security Center: 8
Policy-used
Policy DisplayName Policy Id Category Version Versioning Effect Roles# Roles State policy in AzUSGov
Configure Arc-enabled SQL Servers to automatically install Azure Monitor Agent 3592ff98-9787-443a-af59-4505d0fe0786 Security Center 1.3.0 3x
1.3.0, 1.2.2, 1.2.1-preview		 Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Azure Connected Machine Resource Administrator GA true
Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL 65503269-6a54-4553-8a28-0065a8e6d929 Security Center 1.2.0 3x
1.2.0, 1.1.2, 1.1.1-preview		 Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Log Analytics Contributor GA true
Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace 63d03cbd-47fd-4ee1-8a1c-9ddf07303de0 Security Center 1.8.0 7x
1.8.0, 1.7.0, 1.6.0, 1.5.0, 1.4.0, 1.3.1, 1.3.0-preview		 Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Contributor GA true
Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL user-defined DCR 2227e1f1-23dd-4c3a-85a9-7024a401d8b2 Security Center 1.3.0 4x
1.3.0, 1.2.0, 1.1.1, 1.1.0-preview		 Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor GA true
Configure SQL Virtual Machines to automatically install Azure Monitor Agent f91991d1-5383-4c95-8ee5-5ac423dd8bb1 Security Center 1.6.0 6x
1.6.0, 1.5.0, 1.4.0, 1.3.0, 1.2.2, 1.2.1-preview		 Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Virtual Machine Contributor GA true
Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce Security Center 1.6.0 6x
1.6.0, 1.5.0, 1.4.0, 1.3.0, 1.2.1, 1.2.0-preview		 Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor GA true
Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace 04754ef9-9ae3-4477-bf17-86ef50026304 Security Center 1.10.0 9x
1.10.0, 1.9.0, 1.8.0, 1.7.0, 1.6.0, 1.5.0, 1.4.0, 1.3.1, 1.3.0-preview		 Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Contributor GA true
Create and assign a built-in user-assigned managed identity 09963c90-6ee7-4215-8d26-1cc660a1682f Security Center 1.8.0 7x
1.8.0, 1.7.0, 1.6.0, 1.5.0, 1.4.0, 1.3.1, 1.3.0-preview		 Default
DeployIfNotExists
Allowed
AuditIfNotExists, DeployIfNotExists, Disabled		 1 Contributor GA true
Roles used Total Roles usage: 10
Total Roles unique usage: 5
Role Role Id #Policies Policies
Monitoring Contributor 749f88d5-cbae-40b8-bcfc-e573ddc772fa 2 Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL user-defined DCR, Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 3 Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace, Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace, Create and assign a built-in user-assigned managed identity
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293 3 Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL, Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL user-defined DCR, Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c 1 Configure SQL Virtual Machines to automatically install Azure Monitor Agent
Azure Connected Machine Resource Administrator cd570a14-e51a-42ad-bac8-bafd67325302 1 Configure Arc-enabled SQL Servers to automatically install Azure Monitor Agent
History
Date/Time (UTC ymd) (i) Changes
2024-05-15 17:48:20 Version change: '1.1.1' to '1.2.0'
2023-11-22 19:18:10 Version change: '1.1.0-preview' to '1.1.1'
Name change: '[Preview]: Configure SQL VMs and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LA workspace' to 'Configure SQL VMs and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LA workspace'
2023-09-18 18:02:04 Name change: '[Preview]: Configure machines to create the user-defined Microsoft Defender for SQL pipeline using Azure Monitor Agent' to '[Preview]: Configure SQL VMs and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LA workspace'
Description change: 'Configure machines to automatically install the Azure Monitor and Azure Security agents. Microsoft Defender for SQL collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Use the user-provided Log Analytics workspace to store audit records. Creates a resource group and a Data Collection Rule in the same region as the user-provided Log Analytics workspace.' to 'Microsoft Defender for SQL collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Creates a resource group and a Data Collection Rule in the same region as the user-defined Log Analytics workspace.'
2023-09-14 17:58:18 Version change: '1.0.0-preview' to '1.1.0-preview'
2023-08-25 17:58:14 add Initiative de01d381-bae9-4670-8870-786f89f49e26
JSON compare
compare mode: version left: version right:
JSON
api-version=2023-04-01
EPAC