AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

SQL Managed Instance should have the minimal TLS version of 1.2

Azure BuiltIn Policy definition

Source Azure Portal
Display name SQL Managed Instance should have the minimal TLS version of 1.2
Id a8793640-60f7-487c-b5c3-1d37215905c4
Version 1.0.1
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.1
Built-in Versioning [Preview]
Category SQL
Microsoft Learn
Description Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Sql/managedInstances/minimalTlsVersion Microsoft.Sql managedInstances properties.minimalTlsVersion True False
Rule resource types IF (1)
Microsoft.Sql/managedInstances
Compliance
The following 4 compliance controls are associated with this Policy definition 'SQL Managed Instance should have the minimal TLS version of 1.2' (a8793640-60f7-487c-b5c3-1d37215905c4)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Guidelines for M365 Certification Protecting systems and resources Shared n/a Ensures that apps have strong security and compliance practices in place to protect customer data, security, and privacy. link 16
RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity Control Measures on Cybersecurity - Appendix 5.6 Customer n/a Ensure security controls for remote access to server include the following: (a) restrict access to only hardened and locked down end-point devices; (b) use secure tunnels such as TLS and VPN IPSec; (c) deploy ‘gateway’ server with adequate perimeter defences and protection such as firewall, IPS and antivirus; and (d) close relevant ports immediately upon expiry of remote access. link 19
SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Reduce Attack Surface and Vulnerabilities Internal Data Flow Security n/a Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related applications. link 14
SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Reduce Attack Surface and Vulnerabilities Operator Session Confidentiality and Integrity n/a Protect the confidentiality and integrity of interactive operator sessions connecting to the local or the remote (operated by a service provider) SWIFT-related infrastructure or applications. link 8
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Control the use of Microsoft SQL in a Virtual Enclave 0fbe78a5-1722-4f1b-83a5-89c14151fa60 VirtualEnclaves Preview BuiltIn
[Preview]: SWIFT CSP-CSCF v2021 abf84fac-f817-a70c-14b5-47eec767458a Regulatory Compliance Preview BuiltIn
ACAT for Microsoft 365 Certification 80307b86-ab81-45ab-bf4f-4e0b93cf3dd5 Regulatory Compliance GA BuiltIn
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit Enforce-EncryptTransit_20240509 Encryption GA ALZ
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-10-27 14:12:45 change Patch (1.0.0 > 1.0.1)
2020-07-14 15:28:17 add a8793640-60f7-487c-b5c3-1d37215905c4
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC