last sync: 2024-Nov-25 18:54:24 UTC

A Microsoft Entra administrator should be provisioned for MySQL servers

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: A Microsoft Entra administrator should be provisioned for MySQL servers
Id: 146412e9-005c-472b-9e48-c87b72ac229e
Version: 1.1.1
Versioning: Versions supported for Versioning: 2 (1.1.0, 1.1.1); Built-in Versioning [Preview]
Category: SQL
Description: Audit provisioning of a Microsoft Entra administrator for your MySQL server to enable Microsoft Entra authentication. Microsoft Entra authentication enables simplified permission management and centralized identity management of database users and other Microsoft services.
Mode: Indexed
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled
RBAC role(s): none
Rule aliases: none
Rule resource types:
  IF (1): Microsoft.DBforMySQL/servers
  THEN-Details (1): Microsoft.DBforMySQL/servers/administrators
Compliance
The following 2 compliance controls are associated with this Policy definition 'A Microsoft Entra administrator should be provisioned for MySQL servers' (146412e9-005c-472b-9e48-c87b72ac229e)

Control Domain: Azure_Security_Benchmark_v3.0
Control Name: DP-4
MetadataId: Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4
Category: Data Protection
Title: Enable data at rest encryption by default
Owner: Shared
Requirements:
  **Security Principle:** To complement access controls, data at rest should be protected against 'out of band' attacks (such as accessing underlying storage) using encryption. This helps ensure that attackers cannot easily read or modify the data.
  **Azure Guidance:** Many Azure services have data at rest encryption enabled by default at the infrastructure layer using a service-managed key. Where technically feasible and not enabled by default, you can enable data at rest encryption in the Azure services, or in your VMs for storage level, file level, or database level encryption.
  **Implementation and additional context:**
  Understand encryption at rest in Azure: https://docs.microsoft.com/azure/security/fundamentals/encryption-atrest#encryption-at-rest-in-microsoft-cloud-services
  Data at rest double encryption in Azure: https://docs.microsoft.com/azure/security/fundamentals/encryption-models
  Encryption model and key management table: https://docs.microsoft.com/azure/security/fundamentals/encryption-models
Description: n/a
Policy#: 8

Control Domain: New_Zealand_ISM
Control Name: 16.1.32.C.01
MetadataId: New_Zealand_ISM_16.1.32.C.01 New_Zealand_ISM_16.1.32.C.01
Category: 16. Access Control and Passwords
Title: 16.1.32.C.01 System user identification
Owner: n/a
Requirements: Agencies MUST ensure that all system users are: uniquely identifiable; and authenticated on each occasion that access is granted to a system.
Policy#: 18

Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
Microsoft cloud security benchmark | 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | Security Center | GA | BuiltIn
New Zealand ISM | 4f5b1359-4f8e-4d7c-9733-ea47fcde891e | Regulatory Compliance | GA | BuiltIn
History
Date/Time (UTC ymd) | Change type | Change detail
2023-11-17 19:29:28 | change | Patch (1.1.0 > 1.1.1)
2023-04-06 17:42:16 | change | Minor (1.0.0 > 1.1.0)
2023-02-10 18:41:56 | add | 146412e9-005c-472b-9e48-c87b72ac229e