Deny-Sql-minTLS.json
{
"name": "Deny-Sql-minTLS",
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"scope": null,
"properties": {
"policyType": "Custom",
"mode": "Indexed",
"displayName": "Azure SQL Database should have the minimal TLS version set to the highest version",
"description": "Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well-documented security vulnerabilities.",
"metadata": {
"version": "1.1.0",
"category": "SQL",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
"AzureCloud",
"AzureChinaCloud",
"AzureUSGovernment"
]
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Disabled",
"Deny"
],
"defaultValue": "Audit"
},
"minimalTlsVersion": {
"type": "String",
"defaultValue": "1.2",
"allowedValues": [
"1.2",
"1.1",
"1.0"
],
"metadata": {
"displayName": "Select version for SQL server",
"description": "Select the minimum TLS version to enforce on SQL servers"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Sql/servers"
},
{
"anyOf": [
{
"field": "Microsoft.Sql/servers/minimalTlsVersion",
"exists": "false"
},
{
"field": "Microsoft.Sql/servers/minimalTlsVersion",
"less": "[[parameters('minimalTlsVersion')]"
}
]
}
]
},
"then": {
"effect": "[[parameters('effect')]"
}
}
}
}