last sync: 2025-Apr-29 17:44:12 Etc/UTC

Azure SQL Server - Microsoft Azure Resource type
microsoft.sql/servers

Resource provider (RP) - Microsoft SQL Database [Microsoft.Sql]
RP Microsoft.Sql
RP display name Microsoft SQL Database
Azure Resource Type
RP Resource types
Resource types: 405
Azure Policy Alias
RP aliases
RP aliases: 1292
Azure Policy definition
RP Azure Policy
Azure Policy definitions: 112
if: 112
then.deployment: 24
then.details: 2
then.existenceCondition: 0
then.operations: 0
Azure RBAC Role Based Access Control
RP RBAC operations
RP RBAC operations: 595
RP RBAC operationType action: 84
RP RBAC operationType delete: 61
RP RBAC operationType read: 338
RP RBAC operationType write: 112
Azure RBAC Role definition
RP RBAC Roles & Operation actions
Unique RBAC Roles: 25
RBAC Roles with action operationType: 10
RBAC Roles with delete operationType: 10
RBAC Roles with read operationType: 24
RBAC Roles with write operationType: 11
Azure Application
RP related 1st party Service Principals
RP related 1st party Service Principals: 7
• SQLDBControlPlaneFirstPartyApp (appId: ceecbdd6-288c-4be9-8445-74f139e5db19)
• Azure SQL Virtual Network to Network Resource Provider (appId: 76cd24bf-a9fc-4344-b1dc-908275de6d6d)
• Azure SQL Managed Instance to Microsoft.Network (appId: 76c7f279-7959-468f-8943-3954880e0d8c)
• Azure SQL Managed Instance to Azure AD Resource Provider (appId: 9c8b80bc-6887-42d0-b1af-d0c40f9bf1fa)
• Azure SQL Database Backup To Azure Backup Vault (appId: e4ab13ed-33cb-41b4-9140-6e264582cf85)
• Azure SQL Database (appId: 022907d3-0f1b-48f7-badc-1ba6abab6d66)
• Azure Data Warehouse Polybase (appId: 0130cc9f-7ac5-4026-bd5f-80a08a54e6d9)
Resource type (RT) - Azure SQL Server [microsoft.sql/servers]
RT information
RT microsoft.sql/servers
RT display name Azure SQL Server
RT type only (without RP): servers
RT sub-Resource types: 169
RT schema API versions: 20
Aliases and Azure Policy
Azure Policy Alias
Aliases
aliases: 37
Azure Policy definition
Azure Policy
Azure Policy definitions: 42
if: 42
then.deployment: 1
then.details: 0
then.existenceCondition: 0
then.operations: 0
RBAC Operations and Roles & Roles related operation actions
Azure RBAC Role Based Access Control
RBAC operations
RBAC operations: 8
RBAC operationType action: 5
RBAC operationType delete: 1
RBAC operationType read: 1
RBAC operationType write: 1
Azure RBAC Role definition
RBAC Roles & Operation actions
Unique RBAC Roles: 22
RBAC Roles with action operationType: 5
RBAC Roles with delete operationType: 5
RBAC Roles with read operationType: 22
RBAC Roles with write operationType: 6
Capabilities & Locations
Azure Resource Diagnostic settings logs
Diagnostic logs
False
Azure Resource Diagnostic settings metrics
Diagnostic metrics
False
Azure Customer-managed key
Customer-managed key (CMK) [experimental]
True
Microsoft Learn
Enforce Encryption with a customer-managed key (CMK) at scale
Azure Managed identity
System-Assigned-Resource-Identity
True
Azure Resource Mover
Cross-ResourceGroup-Resource-Move
True
Azure Resource Mover
Cross-Subscription-Resource-Move
True
Azure Resource Tags
Tags
True
Azure Extension
Extension
False
Azure Private Endpoint
Private-Endpoint
True
Azure Private Endpoint location
Supported Locations for Private-Endpoint: 44
australiacentral, australiaeast, australiasoutheast, brazilsouth, canadacentral, canadaeast, centralindia, centralus, eastasia, eastus, eastus2, francecentral, germanywestcentral, indonesiacentral, israelcentral, italynorth, japaneast, japanwest, jioindiawest, koreacentral, koreasouth, mexicocentral, newzealandnorth, northcentralus, northeurope, norwayeast, polandcentral, qatarcentral, southafricanorth, southcentralus, southeastasia, southindia, spaincentral, swedencentral, switzerlandnorth, uaenorth, uksouth, ukwest, westcentralus, westeurope, westindia, westus, westus2, westus3
Non supported Locations for Private-Endpoint: 14
brazilus, eastusstg, centraluseuap, eastus2euap, southcentralusstg, southafricawest, australiacentral2, jioindiacentral, francesouth, germanynorth, norwaywest, switzerlandwest, uaecentral, brazilsoutheast
Azure location
Location
True
Azure Resource type location
Locations: 43
australiacentral, australiaeast, australiasoutheast, brazilsouth, canadacentral, canadaeast, centralindia, centralus, eastasia, eastus, eastus2, francecentral, germanywestcentral, indonesiacentral, israelcentral, italynorth, japaneast, japanwest, koreacentral, koreasouth, mexicocentral, newzealandnorth, northcentralus, northeurope, norwayeast, polandcentral, qatarcentral, southafricanorth, southcentralus, southeastasia, southindia, spaincentral, swedencentral, switzerlandnorth, uaenorth, uksouth, ukwest, westcentralus, westeurope, westindia, westus, westus2, westus3
Not locations: 54
asia, asiapacific, australia, australiacentral2, brazil, brazilsoutheast, brazilus, canada, centraluseuap, centralusstage, eastasiastage, eastus2euap, eastus2stage, eastusstage, eastusstg, europe, france, francesouth, germany, germanynorth, global, india, indonesia, israel, italy, japan, jioindiacentral, jioindiawest, korea, mexico, newzealand, northcentralusstage, norway, norwaywest, poland, qatar, singapore, southafrica, southafricawest, southcentralusstage, southcentralusstg, southeastasiastage, spain, sweden, switzerland, switzerlandwest, taiwan, uae, uaecentral, uk, unitedstates, unitedstateseuap, westus2stage, westusstage
Assessment tooling
Azure Advisor
Azure Advisor recommendations: 99
Security [High] 'OLE Automation Procedures' feature should be disabled for SQL Servers
Security [High] 'sa' login should be disabled for SQL Servers
Security [High] AES encryption should be required for any Existing Mirroring or SSB endpoint on SQL Databases
Security [High] Asymmetric keys' length should be at least 2048 bits in SQL databases
Security [High] Auditing should be enabled at the server level for SQL Servers
Security [High] Cell-Level Encryption keys should use AES algorithm in SQL databases
Security [High] Certificate keys should use at least 2048 bits for SQL Databases
Security [High] Changes to signed modules should be authorized for SQL databases
Security [High] CLR should be disabled for SQL Servers
Security [High] Database communication using TDS should be protected through TLS for SQL Servers
Security [High] Database Encryption Symmetric Keys should use AES algorithm in SQL databases
Security [High] Database owners should be as expected for SQL databases
Security [High] Database ownership chaining should be disabled for all databases except for 'master', 'msdb' and 'tempdb' on SQL Servers
Security [High] Database principals should not be mapped to the sa account in SQL databases
Security [High] Database user GUEST should not be a member of any role in SQL databases
Security [High] Database-level firewall rules should be tracked and maintained at a strict minimum for SQL Servers
Security [High] Database-level firewall rules should not grant excessive access for SQL Servers
Security [High] Execute permissions on xp_cmdshell from all users (except dbo) should be revoked for SQL Servers
Security [High] Execute permissions to access the registry should be restricted for SQL Servers
Security [High] Features that may affect security should be disabled for SQL Servers
Security [High] Filestream should be disabled for SQL Servers
Security [High] Force encryption should be enabled for TDS for SQL Servers
Security [High] Latest updates should be installed for SQL Servers
Security [High] Microsoft Defender for SQL should be enabled for unprotected Azure SQL servers
Security [High] Minimal set of principals should be granted ALTER or ALTER ANY USER database-scoped permissions in SQL databases
Security [High] Minimal set of principals should be members of fixed Azure SQL Database master database roles
Security [High] Minimal set of principals should be members of fixed high impact database roles in SQL databases
Security [High] Minimal set of principals should be members of fixed server roles for SQL Servers
Security [High] Polybase network encryption should be enabled for SQL databases
Security [High] Server-level firewall rules should be tracked and maintained at a strict minimum on SQL Servers
Security [High] Server-level firewall rules should not grant excessive access for SQL Servers
Security [High] SQL databases should have vulnerability findings resolved
Security [High] SQL logins with commonly used names should be disabled for SQL Servers
Security [High] SQL servers should have an Azure Active Directory administrator provisioned
Security [High] SQL servers should have vulnerability assessment configured
Security [High] The database owner information in the database should match the respective database owner information in the master database for SQL databases
Security [High] The Trustworthy bit should be disabled on all databases except MSDB for SQL Databases
Security [High] There should be no SPs marked as auto-start for SQL Servers
Security [High] Untracked trusted assemblies should be removed for SQL Servers
Security [High] User CLR assemblies should not be defined in SQL databases
Security [High] Vulnerability Assessment should be configured on SQL Server 2012 and higher only
Security [High] xp_cmdshell should be disabled for SQL Servers
Security [Low] [Enable if required] SQL servers should use customer-managed keys to encrypt data at rest
Security [Low] Account with default name 'sa' should be renamed and disabled on SQL Servers
Security [Low] Application roles should not be used in SQL databases
Security [Low] Audit retention for SQL servers should be set to at least 90 days
Security [Low] Auditing of both successful and failed login attempts (default trace) should be enabled when 'Login auditing' is set up to track logins for SQL Servers
Security [Low] Auditing of both successful and failed login attempts should be enabled for SQL Servers
Security [Low] Auditing on SQL server should be enabled
Security [Low] BUILTIN\Administrators should be removed as a server login for SQL Servers
Security [Low] CHECK_POLICY should be enabled for all SQL logins for SQL Servers
Security [Low] Database permissions shouldn't be granted directly to principals for SQL Servers
Security [Low] Database users shouldn't share the same name as a server login for Model SQL database
Security [Low] Excessive permissions should not be granted to PUBLIC role on objects or columns in SQL databases
Security [Low] GUEST user should not be granted permissions on SQL database securables
Security [Low] Maximum number of error logs should be 12 or more for SQL Servers
Security [Low] Minimal set of principals should be granted EXECUTE permission on objects or columns in SQL databases
Security [Low] Minimal set of principals should be members of fixed low impact database roles in SQL databases
Security [Low] Orphan database roles should be removed from SQL databases
Security [Low] Password expiration check should be enabled for all SQL logins on SQL Servers
Security [Low] Principal GUEST should not be granted permissions in SQL databases
Security [Low] Principal GUEST should not be granted permissions on objects or columns in SQL databases
Security [Low] Sample databases should be removed for SQL Servers
Security [Low] Server permissions shouldn't be granted directly to principals for SQL Servers
Security [Low] SQL Server instance shouldn't be advertised by the SQL Server Browser service for SQL Servers
Security [Low] There should be at least 1 active audit in the system for SQL Servers
Security [Low] Track all users with access to the database for SQL Databases
Security [Low] Unused service broker endpoints should be removed for SQL Servers
Security [Medium] 'dbo' user should not be used for normal service operation in SQL databases
Security [Medium] 'Scan for startup stored procedures' option should be disabled for SQL Servers
Security [Medium] 'User Options' feature should be disabled for SQL Servers
Security [Medium] Ad-hoc distributed queries should be disabled for SQL Servers
Security [Medium] All advanced threat protection types should be enabled in SQL server advanced data security settings
Security [Medium] All memberships for user-defined roles should be intended in SQL databases
Security [Medium] Auditing of both successful and failed login attempts for contained DB authentication should be enabled for SQL databases
Security [Medium] Authentication mode should be Windows Authentication for SQL Servers
Security [Medium] AUTO_CLOSE should be disabled for SQL databases
Security [Medium] Azure SQL Database should be running TLS version 1.2 or newer
Security [Medium] Azure SQL Database should have Azure Active Directory Only Authentication enabled
Security [Medium] CLR should be disabled for SQL Servers
Security [Medium] Contained users should use Windows Authentication in SQL Server databases
Security [Medium] Create a baseline of External Key Management Providers for SQL Servers
Security [Medium] Data Transformation Services (DTS) permissions should only be granted to SSIS roles in MSDB SQL database
Security [Medium] Database Mail XPs should be disabled when it is not in use on SQL Servers
Security [Medium] Default trace should be enabled for SQL Servers
Security [Medium] Excessive permissions should not be granted to PUBLIC role in SQL databases
Security [Medium] Extensibility-features that may affect security should be disabled if not needed for SQL Servers
Security [Medium] Model database should only be accessible by Only 'dbo' should have access to Model SQL database
Security [Medium] Orphaned users should be removed from SQL server databases
Security [Medium] Principal GUEST should not have access to any user SQL database
Security [Medium] Private endpoint connections on Azure SQL Database should be enabled
Security [Medium] Public network access on Azure SQL Database should be disabled
Security [Medium] Remote Admin Connections should be disabled unless specifically required for SQL databases
Security [Medium] Server configuration 'Replication XPs' should be disabled for SQL Servers
Security [Medium] Server Permissions granted to public should be minimized for SQL Servers
Security [Medium] SQL Threat Detection should be enabled at the SQL server level
Security [Medium] Transparent data encryption should be enabled for SQL databases
Security [Medium] Unnecessary execute permissions on extended stored procedures should be revoked for SQL Servers
Security [Medium] User-defined database roles should not be members of fixed roles in SQL databases
Azure Proactive Resilience Library v2 (APRLv2)
Azure Proactive Resilience Library v2 recommendations: 3
DisasterRecovery [High] Use Failover Group endpoints for database connections
DisasterRecovery [High] Use failover group customer managed policy
DisasterRecovery [Medium] Back Up Your Keys
PSRule for Azure
PSRule for Azure rules: 9
Azure Quick Review (AZQR)
Azure Quick Review (AZQR) recommendations: 8
DisasterRecovery [High] Auto Failover Groups can encompass one or multiple databases, usually used by the same app.
DisasterRecovery [High] Use Active Geo Replication to Create a Readable Secondary in Another Region
Governance [Low] SQL Name should comply with naming conventions
Governance [Low] SQL should have tags
HighAvailability [High] Enable zone redundancy for Azure SQL Database to achieve high availability and resiliency
MonitoringAndAlerting [High] Monitor your Azure SQL Database in Near Real-Time to Detect Reliability Incidents
Security [High] SQL should have private endpoints enabled
Security [Low] SQL should enforce TLS >= 1.2
Infrastructure as Code (IaC)
ARM (Azure Resource Manager)
ARM (Azure Resource Manager) templates
ARM (Azure Resource Manager) template API versions: 20
latest
Azure Bicep
Bicep templates
Bicep template API versions: 20
latest
Terraform
Terraform provider
Terraform providers: 1
mssql_server
AzAPI Terraform
AzAPI Terraform templates
AzAPI Terraform template API versions: 20
latest
Pulumi
Pulumi provider
Pulumi providers: 1
sql/server
OpenTofu
OpenTofu provider
OpenTofu TF providers: 1
mssql_server
Azure Verified Modules (AVM) Bicep
Azure SQL Server
Azure Verified Modules (AVM) Terraform
• GitHub: Azure SQL Server
• Terraform registry: Azure SQL Server
REST-API (Representational State Transfer - Application Programming Interface)
REST-API versions: 26
2024-08-01-preview
2024-05-01-preview
2023-08-01-preview
2023-08-01
2023-05-01-preview
2023-02-01-preview
2022-11-01-preview
2022-08-01-preview
2022-05-01-preview
2022-02-01-preview
2021-11-01-preview
2021-11-01
2021-08-01-preview
2021-05-01-preview
2021-02-01-preview
2020-11-01-preview
2020-08-01-preview
2020-02-02-preview
2019-06-01-preview
2018-06-01-preview
2017-10-01-preview
2017-03-01-preview
2015-05-01-preview
2014-04-01-preview
2014-04-01
2014-01-01
REST-API version default n/a
API profiles n/a
Resource naming
Azure Naming Tool
The Azure Naming Tool was created to help administrators define and manage their naming conventions, while providing a simple interface for users to generate a compliant name.
Resource naming details
[
  {
    "property": "Azure SQL Data Warehouse",
    "ShortName": "sqldw",
    "scope": "global",
    "lengthMin": "1",
    "lengthMax": "63",
    "validText": "Lowercase letters, numbers, and hyphens.",
    "invalidText": "Can't start or end with hyphen.",
    "invalidCharacters": "",
    "invalidCharactersStart": "-",
    "invalidCharactersEnd": "-",
    "invalidCharactersConsecutive": "",
    "regx": "^(?!-.*)(?!.*-$)[a-z0-9-]{1,63}$",
    "staticValues": ""
  },
  {
    "property": "Azure SQL Database Server",
    "ShortName": "sql",
    "scope": "global",
    "lengthMin": "1",
    "lengthMax": "63",
    "validText": "Lowercase letters, numbers, and hyphens.",
    "invalidText": "Can't start or end with hyphen.",
    "invalidCharacters": "",
    "invalidCharactersStart": "-",
    "invalidCharactersEnd": "-",
    "invalidCharactersConsecutive": "",
    "regx": "^(?!-.*)(?!.*-$)[a-z0-9-]{1,63}$",
    "staticValues": ""
  }
]