AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

SQL Database should avoid using GRS backup redundancy

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

SQL Database should avoid using GRS backup redundancy

b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13

Version

2.0.0
Details on versioning

Versioning

Versions supported for Versioning: 1
2.0.0
Built-in Versioning [Preview]

Category

SQL
Microsoft Learn

Description

Databases should avoid using the default geo-redundant storage for backups, if data residency rules require data to stay within a specific region. Note: Azure Policy is not enforced when creating a database using T-SQL. If not explicitly specified, database with geo-redundant backup storage is created via T-SQL.

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Deny
Allowed
Deny, Disabled

RBAC role(s)

none

Rule aliases

IF (3)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Sql/servers/databases/edition	Microsoft.Sql Microsoft.Sql	servers/databases servers/databases	properties.edition sku.tier	False True	sku.tier	False False
Microsoft.Sql/servers/databases/requestedBackupStorageRedundancy	Microsoft.Sql	servers/databases	properties.storageAccountType	False	properties.requestedBackupStorageRedundancy	False
Microsoft.Sql/servers/databases/storageAccountType	Microsoft.Sql	servers/databases	properties.storageAccountType	False	properties.requestedBackupStorageRedundancy	False

Rule resource types

IF (1)
Microsoft.Sql/servers/databases

Compliance

The following 4 compliance controls are associated with this Policy definition 'SQL Database should avoid using GRS backup redundancy' (b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
	op.cont.3 Periodic tests	op.cont.3 Periodic tests	404 not found				n/a	n/a		91
	op.cont.4 Alternative means	op.cont.4 Alternative means	404 not found				n/a	n/a		95
	op.exp.3 Security configuration management	op.exp.3 Security configuration management	404 not found				n/a	n/a		123
RMiT_v1.0	10.49	RMiT_v1.0_10.49	RMiT 10.49	Cloud Services	Cloud Services - 10.49	Shared	n/a	A financial institution must fully understand the inherent risk of adopting cloud services. In this regard, a financial institution is required to conduct a comprehensive risk assessment prior to cloud adoption which considers the inherent architecture of cloud services that leverages on the sharing of resources and services across multiple tenants over the Internet. The assessment must specifically address risks associated with the following: (a) sophistication of the deployment model; (b) migration of existing systems to cloud infrastructure; (c) location of cloud infrastructure; (d) multi-tenancy or data co-mingling; (e) vendor lock-in and application portability or interoperability; (f) ability to customise security configurations of the cloud infrastructure to ensure a high level of data and technology system protection; (g) exposure to cyber-attacks via cloud service providers; (h) termination of a cloud service provider including the ability to secure the financial institution's data following the termination; (i) demarcation of responsibilities, limitations and liability of the service provider; and (j) ability to meet regulatory requirements and international standards on cloud computing on a continuing basis.	link	5

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
RMIT Malaysia	97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6	Regulatory Compliance	GA	BuiltIn
Spain ENS	175daf90-21e1-4fec-b745-7b4c909aa94c	Regulatory Compliance	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-04-27 15:38:15	change	Major (1.0.1 > 2.0.0)
2021-02-10 14:43:58	change	Patch (1.0.0 > 1.0.1)
2020-09-09 11:24:03	add	b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC