Source
Repository Azure Landing Zones (ALZ) GitHub
JSON Deploy-Sql-vulnerabilityAssessments_20230706
Display name
Deploy SQL Database Vulnerability Assessments
Id
Deploy-Sql-vulnerabilityAssessments_20230706
Version
1.0.0 Details on versioning
Category
SQL
Description
Deploy SQL Database Vulnerability Assessments when it does not exist in the deployment, and save results to the storage account specified in the parameters.
Cloud environments
AzureChinaCloud AzureCloud AzureUSGovernment
Mode
Indexed
Type
Custom Azure Landing Zones (ALZ)
Preview
False
Deprecated
False
Replaces Policy
This ALZ Policy definition replaces [Deprecated]: Deploy SQL Database vulnerability Assessments (Deploy-Sql-vulnerabilityAssessments)
More information on Azure Landing Zones deprecated Policy definitions
Effect
Default DeployIfNotExists
Allowed DeployIfNotExists, Disabled
RBAC role(s)
Rule aliases
THEN-ExistenceCondition (2)
Rule resource types
IF (1) Microsoft.Sql/servers/databases THEN-Deployment (1) Microsoft.Sql/servers/databases/vulnerabilityAssessments
Initiatives usage
Initiative DisplayName
Initiative Id
Initiative Category
State
Deploy SQL Database built-in SQL security configuration
Deploy-Sql-Security_20240529
SQL
GA
History
version left: Deploy-Sql-vulnerabilityAssessments_1.0.1-deprecated Deploy-Sql-vulnerabilityAssessments_1.0.1 Deploy-Sql-vulnerabilityAssessments_1.0.0
version right: 1.0.0
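--- a/Deploy-Sql-vulnerabilityAssessments
+++ b/Deploy-Sql-vulnerabilityAssessments_20230706
@@ -1,27 +1,26 @@
 {
 "policyType": "Custom",
 "mode": "Indexed",
-"displayName": "[Deprecated]: Deploy SQL Database vulnerability Assessments",
-"description": "Deploy SQL Database vulnerability Assessments when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Sql-vulnerabilityAssessments_20230706.html",
+"displayName": "Deploy SQL Database Vulnerability Assessments",
+"description": "Deploy SQL Database Vulnerability Assessments when it does not exist in the deployment, and save results to the storage account specified in the parameters .",
 "metadata": {
-"version": "1.0.1-deprecated",
+"version": "1.0.0 ",
 "category": "SQL",
 "source": "https://github.com/Azure/Enterprise-Scale/",
-"deprecated": true,
-"supersededBy": "Deploy-Sql-vulnerabilityAssessments_20230706",
+"replacesPolicy ": "Deploy-Sql-vulnerabilityAssessments ",
 "alzCloudEnvironments": [
 "AzureCloud",
 "AzureChinaCloud",
 "AzureUSGovernment"
 ]
 },
 "parameters": {
 "vulnerabilityAssessmentsEmail": {
-"type": "String",
+"type": "Array ",
 "metadata": {
-"description": "The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'",
-"displayName": "The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'"
+"description": "The email address(es) to send alerts.",
+"displayName": "The email address(es) to send alerts."
 }
 },
 "vulnerabilityAssessmentsStorageID": {
 "type": "String",
@@ -54,10 +53,16 @@
 "type": "Microsoft.Sql/servers/databases/vulnerabilityAssessments",
 "existenceCondition": {
 "allOf": [
 {
-"field": "Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails",
-"equals": "[parameters('vulnerabilityAssessmentsEmail')]"
+"count": {
+"field": "Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails[*] ",
+"where": {
+"value": "current(Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails[*])",
+"notIn ": "[parameters('vulnerabilityAssessmentsEmail')]"
+}
+},
+"greater": 0
 },
 {
 "field": "Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.isEnabled",
 "equals": true
@@ -80,9 +85,9 @@
 "sqlServerDataBaseName": {
 "type": "String"
 },
 "vulnerabilityAssessmentsEmail": {
-"type": "String"
+"type": "Array "
 },
 "vulnerabilityAssessmentsStorageID": {
 "type": "String"
 }
@@ -98,11 +103,9 @@
 "storageAccountAccessKey": "[listkeys(parameters('vulnerabilityAssessmentsStorageID'), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
 "recurringScans": {
 "isEnabled": true,
 "emailSubscriptionAdmins": false,
-"emails": [
-"[parameters('vulnerabilityAssessmentsEmail')]"
-]
+"emails": " [parameters('vulnerabilityAssessmentsEmail')]"
 }
 }
 }
 ],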
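Review bot: The first `existenceCondition` clause in the second hunk looks inverted. `count` collects the `recurringScans.emails[*]` entries that are `notIn` the `vulnerabilityAssessmentsEmail` parameter and then requires `"greater": 0`, so as written it is met only when at least one configured recipient is outside the approved list. An assessment whose recipients all match would count 0, be reported non-compliant and be redeployed, while one with an unexpected recipient would be reported compliant. If the intent is "no unapproved recipients", the comparison would be `"equals": 0`; that form also accepts an empty recipient list, so a separate non-empty check may be needed, which should be confirmed against the intended behaviour. The enclosing `then.details` block starts and ends outside the shown hunks.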
JSON
{ 7 items policyType: "Custom" , mode: "Indexed" , displayName: "Deploy SQL Database Vulnerability Assessments" , description: "Deploy SQL Database Vulnerability Assessments when it does not exist in the deployment, and save results to the storage account specified in the parameters." , metadata: { 5 items version: "1.0.0" , category: "SQL" , source: "https://github.com/Azure/Enterprise-Scale/" , replacesPolicy: "Deploy-Sql-vulnerabilityAssessments" , alzCloudEnvironments: [ 3 items "AzureCloud" , "AzureChinaCloud" , "AzureUSGovernment" ] } , parameters: { 3 items vulnerabilityAssessmentsEmail: { 2 items type: "Array" , metadata: { 2 items description: "The email address(es) to send alerts." , displayName: "The email address(es) to send alerts." } } , vulnerabilityAssessmentsStorageID: { 2 items type: "String" , metadata: { 3 items description: "The storage account ID to store assessments" , displayName: "The storage account ID to store assessments" , assignPermissions: true } } , effect: { 4 items type: "String" , defaultValue: "DeployIfNotExists" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } } , policyRule: { 2 items if: { 2 items field: "type" , equals: "Microsoft.Sql/servers/databases" } , then: { 2 items effect: "[parameters('effect')]" , details: { 4 items type: "Microsoft.Sql/servers/databases/vulnerabilityAssessments" , existenceCondition: { 1 item allOf: [ 2 items { 2 items count: { 2 items field: "Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails[*]" , where: { 2 items value: "current(Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails[*])" , notIn: "[parameters('vulnerabilityAssessmentsEmail')]" } } , greater: 0 } , { 2 items field: "Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.isEnabled" , equals: true } ] } , deployment: { 1 item properties: { 3 
items mode: "Incremental" , template: { 6 items $schema: "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" , contentVersion: "1.0.0.0" , parameters: { 5 items } , variables : {} , resources: [ 1 item { 4 items name: 🔍 "[
concat(
parameters('sqlServerName'),
'/',
parameters('sqlServerDataBaseName'),
'/default'
)
]", type: "Microsoft.Sql/servers/databases/vulnerabilityAssessments" , apiVersion: "2017-03-01-preview" , properties: { 3 items storageContainerPath: 🔍 "[
concat(
'https://',
last(
split(
parameters('vulnerabilityAssessmentsStorageID'),
'/'
)
),
'.blob.core.windows.net/vulneraabilitylogs'
)
]", storageAccountAccessKey: 🔍 "[
listkeys(
parameters('vulnerabilityAssessmentsStorageID'),
providers(
'Microsoft.Storage',
'storageAccounts'
).apiVersions[
0
]
).keys[
0
].value
]", recurringScans: { 3 items isEnabled: true , emailSubscriptionAdmins: false , emails: "[parameters('vulnerabilityAssessmentsEmail')]" } } } ] , outputs : {} } , parameters: { 5 items } } } , roleDefinitionIds: [ 3 items ] } } } }