Closed vegazbabz closed 5 months ago
Thanks @vegazbabz
For the policy enhancement suggestions here, we will triage and come back to you with any further questions or clarity we may have or require and let you know an outcome.
If you haven't already, check out our new GitHub Issue Form for taking in new ALZ Policy Requests.
Thanks - the ALZ Team
Already checked this out and reported one there. However, this seems to be for new policies and not for enhancements of existing ones. If that is not correct, then please update the descriptions :)
@springstone, see above comment around form
Addressed in PR https://github.com/Azure/Enterprise-Scale/pull/1622
Replace the policy "Azure SQL Database should have the minimal TLS version set to the highest version" (Deny-Sql-minTLS) with the built-in policy "Azure SQL Database should be running TLS version 1.2 or newer".
Reasoning: there is no reason to have the min. TLS version as a parameter. v1.2 (or 1.3) is the only version to use. The rest is insecure and should never be used. Legacy apps running this should be exempted from this policy; however, it should not be the organization's default to have 1.0 or 1.1, which is why it should not be supported in a policy used for an initiative for the LZ MG.
It is currently part of the policy initiative "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit" (Enforce-EncryptTransit).
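For illustration, the shape of a custom Azure Policy definition that enforces the behaviour the issue asks for, written as an added example rather than the Enterprise-Scale repo's own Deny-Sql-minTLS definition or Microsoft's built-in policy. It assumes the `Microsoft.Sql/servers/minimalTlsVersion` alias and its `1.2`/`1.3` values; the weak, parameterised variant the issue objects to would replace the hard-coded `notIn` list with `[parameters('minimalTlsVersion')]`, which lets an assignment legitimately select 1.0 or 1.1. The `exists: false` branch also catches servers where no minimum was ever set.

```json
{
  "properties": {
    "displayName": "Azure SQL logical servers must enforce minimum TLS 1.2 (no version parameter)",
    "mode": "Indexed",
    "description": "Deny creation or update of Azure SQL logical servers whose minimal TLS version is unset or lower than 1.2. Only the effect is parameterised; legacy servers are handled by exemptions, not by lowering the version.",
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Deny"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Sql/servers" },
          {
            "anyOf": [
              { "field": "Microsoft.Sql/servers/minimalTlsVersion", "exists": "false" },
              { "field": "Microsoft.Sql/servers/minimalTlsVersion", "notIn": ["1.2", "1.3"] }
            ]
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Assigned with `Deny` at the landing-zone management group, a deployment that sets `minimalTlsVersion` to `1.0` or `1.1` (or omits it) is rejected, and the only way to run a legacy server is an explicit, reviewable policy exemption on that resource.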