AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

SQL Managed Instance should have the minimal TLS version set to the highest version

Azure Landing Zones (ALZ) Policy definition

Source

Repository Azure Landing Zones (ALZ) GitHub
JSON Deny-SqlMi-minTLS

Deploy policy Deny-SqlMi-minTLS (1.1.0) to Azure

Display name

SQL Managed Instance should have the minimal TLS version set to the highest version

Deny-SqlMi-minTLS

Version

1.1.0
Details on versioning

Category

SQL

Description

Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.

Mode

Indexed

Type

Custom Azure Landing Zones (ALZ)

Preview

False

Deprecated

False

Effect

Default
Audit
Allowed
Audit, Disabled, Deny

RBAC role(s)

none

Rule aliases

IF (1)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Sql/managedInstances/minimalTlsVersion	Microsoft.Sql	managedInstances	properties.minimalTlsVersion	True		False

Rule resource types

IF (1)
Microsoft.Sql/managedInstances

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State
[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit	Enforce-EncryptTransit	Encryption	Deprecated
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit	Enforce-EncryptTransit_20240509	Encryption	GA

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-10-10 01:17:21	change	Minor (1.0.0 > 1.1.0)

JSON compare

compare mode: version left: version right:

JSON

EPAC