Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
https://aka.ms/alz
MIT License

Azure Defender for SQL duplicate policies #1636

Closed alperkar closed 5 months ago

alperkar commented 6 months ago

Describe the bug

In the ALZ Policies wiki (https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Policies), you recommend assigning the Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances policy initiative to the intermediate root management group.

And then, the same document recommends assigning Configure Azure Defender to be enabled on SQL servers (assignment name: Deploy Threat Detection on SQL servers) to the landing zones management group. This is basically a policy contained in the above-mentioned policy initiative. Is there a logic behind this that I don't understand, or is this just an oversight?

Steps to reproduce

1.
2.

Screenshots
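The situation described in the issue (an initiative assigned at an ancestor management group, and one of its member policies assigned again on its own at a descendant scope) is easy to miss by eye once a hierarchy has dozens of assignments. The following is an added example, not code from the Enterprise-Scale repository or its wiki: it walks a management group tree and reports every single-policy assignment that is already covered by an initiative assigned at an ancestor scope. The management group names, assignment names, definition IDs and initiative membership are constructed to mirror the issue; they are not the real ALZ identifiers.

```python
"""Audit a management group hierarchy for single-policy assignments that
duplicate an initiative (policy set) assigned at an ancestor scope.

Added example; the scopes, assignments and initiative membership below are
constructed sample data, not the real ALZ definitions.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Scope:
    name: str
    parent: str | None  # None marks the hierarchy root


@dataclass(frozen=True)
class Assignment:
    name: str
    scope: str
    definition: str            # policy definition ID or policy set definition ID
    is_initiative: bool = False
    enforcement: str = "Default"  # "Default" or "DoNotEnforce"


# Constructed hierarchy: root -> intermediate-root -> landing-zones -> corp
SCOPES = [
    Scope("root", None),
    Scope("intermediate-root", "root"),
    Scope("landing-zones", "intermediate-root"),
    Scope("corp", "landing-zones"),
]

# Constructed initiative membership: initiative ID -> member policy definition IDs
INITIATIVES: dict[str, set[str]] = {
    "mdfc-sql-initiative": {"defender-sql-servers", "defender-sql-managed-instances"},
}

# Constructed assignments mirroring the issue: the initiative sits at the
# intermediate root, and one of its member policies is assigned again lower down.
ASSIGNMENTS = [
    Assignment("Deploy-MDFC-SQL", "intermediate-root", "mdfc-sql-initiative", is_initiative=True),
    Assignment("Deploy-SQL-Threat", "landing-zones", "defender-sql-servers"),
    Assignment("Deny-Public-IP", "corp", "deny-public-ip"),  # no overlap, should not be reported
]


def ancestors(scope_name: str, scopes: list[Scope]) -> list[str]:
    """Return the chain of ancestor scope names, nearest parent first.

    Raises ValueError on an unknown scope or a cycle in the parent links, so a
    malformed export cannot send the walk into an infinite loop.
    """
    lookup = {s.name: s for s in scopes}
    if scope_name not in lookup:
        raise ValueError(f"unknown scope: {scope_name}")
    chain: list[str] = []
    seen = {scope_name}
    current = lookup[scope_name].parent
    while current is not None:
        if current in seen:
            raise ValueError(f"cycle detected at scope: {current}")
        seen.add(current)
        chain.append(current)
        current = lookup[current].parent
    return chain


def find_duplicates(
    scopes: list[Scope],
    assignments: list[Assignment],
    initiatives: dict[str, set[str]],
) -> list[dict[str, str]]:
    """Report single-policy assignments whose definition is a member of an
    initiative assigned at any ancestor scope.

    Both enforcement modes are included in the report so a reviewer can tell an
    accidental duplicate from a deliberate re-assignment (for example an audit-only
    copy lower in the tree).
    """
    by_scope: dict[str, list[Assignment]] = {}
    for a in assignments:
        by_scope.setdefault(a.scope, []).append(a)

    report: list[dict[str, str]] = []
    for a in assignments:
        if a.is_initiative:
            continue
        for ancestor in ancestors(a.scope, scopes):
            for b in by_scope.get(ancestor, []):
                if b.is_initiative and a.definition in initiatives.get(b.definition, set()):
                    report.append({
                        "assignment": a.name,
                        "scope": a.scope,
                        "enforcement": a.enforcement,
                        "covered_by": b.name,
                        "covered_by_scope": ancestor,
                        "covered_by_enforcement": b.enforcement,
                    })
    return report


if __name__ == "__main__":
    for row in find_duplicates(SCOPES, ASSIGNMENTS, INITIATIVES):
        print(f"{row['assignment']} at {row['scope']} duplicates "
              f"{row['covered_by']} at {row['covered_by_scope']}")
```

Run against a real tenant, the scope list and assignments would come from an export of the management group tree and policy assignments, and the initiative membership from each policy set definition's policy list; the lookup logic itself does not change. A hit is not automatically wrong, as the maintainer's reply below notes, but it is the list you would want to review when deciding whether the lower assignment is intentional.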

Springstone commented 6 months ago

Known issue, reported previously. We're working through some major updates at the moment, and the Defender for Cloud team is making a bunch of changes at the moment, but we will review for the next refresh.

Springstone commented 5 months ago

To clarify the original ask, no harm no foul. At Intermediate Root, we recommend policies (that can be disabled), and at landing zones scope we also recommend policies (that can be disabled). While not intentional, we're making sure that proper security controls are in place (some may not accept at intermediate scope).

If this is a problem for you, please re-open with detail and we'll work on addressing the concern.