Azure / azure-policy

Repository for Azure Resource Policy built-in definitions and samples
MIT License

Issue of "Azure SQL Database should be running TLS version 1.2 or newer" #1330

Open yangchengs opened 1 month ago

yangchengs commented 1 month ago

Details of the scenario you tried and the problem that is occurring

Azure SQL Database should be running TLS version 1.2 or newer
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_MiniumTLSVersion_Audit.json

  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Sql/servers"
      },
      {
        "anyOf": [
          {
            "field": "Microsoft.Sql/servers/minimalTlsVersion",
            "exists": false
          },
          {
            "field": "Microsoft.Sql/servers/minimalTlsVersion",
            "less": "1.2"
          }
        ]
      }
    ]
  },

We can use a command to update the TLS to None, but the compliance is True when the min TLS is NULL:

  Set-AzSqlServer -ResourceGroupName "myRg" -ServerName "sqlName" -MinimalTlsVersion "None"

Verbose logs showing the problem

Suggested solution to the issue

  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Sql/servers"
      },
      {
        "anyOf": [
          {
            "field": "Microsoft.Sql/servers/minimalTlsVersion",
            "exists": false
          },
          {
            "field": "Microsoft.Sql/servers/minimalTlsVersion",
            "less": "1.2"
          },
          {
            "field": "Microsoft.Sql/servers/minimalTlsVersion",
            "equals": "None"
          }
        ]
      }
    ]
  },
  "then": {
    "effect": "[parameters('effect')]"
  }
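To see why the original rule misses a server whose minimalTlsVersion is the literal string "None" while the suggested rule catches it, the following is an added toy evaluator (not code from the azure-policy repository or from Azure's policy engine) that walks the allOf/anyOf/exists/equals/less conditions over constructed sample resources. The way "less" compares a non-numeric string against "1.2" and the mapping of the alias to the resource property are simplifying assumptions that approximate Azure's behaviour, not a specification of it.

```python
"""Toy evaluator for the policy rule fragment from this issue.
Assumption: approximates Azure Policy 'exists'/'equals'/'less' semantics."""
import json

ORIGINAL_RULE = {"allOf": [
    {"field": "type", "equals": "Microsoft.Sql/servers"},
    {"anyOf": [
        {"field": "Microsoft.Sql/servers/minimalTlsVersion", "exists": False},
        {"field": "Microsoft.Sql/servers/minimalTlsVersion", "less": "1.2"}]}]}

# Suggested rule from the issue: the original plus an explicit "None" match.
SUGGESTED_RULE = json.loads(json.dumps(ORIGINAL_RULE))
SUGGESTED_RULE["allOf"][1]["anyOf"].append(
    {"field": "Microsoft.Sql/servers/minimalTlsVersion", "equals": "None"})

def _less(actual, limit):
    # Version-like strings ("1.0", "1.2") compare numerically. Anything else
    # ("None") falls back to a case-insensitive string compare, so "None" is
    # NOT less than "1.2". Assumption: this mirrors the engine's behaviour.
    try:
        return (tuple(int(p) for p in actual.split("."))
                < tuple(int(p) for p in limit.split(".")))
    except ValueError:
        return actual.lower() < limit.lower()

def evaluate(cond, resource):
    """True when the resource matches the 'if' block, i.e. is non-compliant."""
    if "allOf" in cond:
        return all(evaluate(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(evaluate(c, resource) for c in cond["anyOf"])
    field = cond["field"]
    # Assumption: alias 'Microsoft.Sql/servers/<name>' maps to properties.<name>.
    value = (resource.get("type") if field == "type"
             else resource.get("properties", {}).get(field.rsplit("/", 1)[-1]))
    if "exists" in cond:
        return (value is not None) == cond["exists"]
    if "equals" in cond:
        return value is not None and value.lower() == cond["equals"].lower()
    if "less" in cond:
        return value is not None and _less(value, cond["less"])
    raise ValueError(f"unsupported condition: {cond}")

def sql_server(min_tls):
    """Constructed sample resource; min_tls=None omits the property entirely."""
    props = {} if min_tls is None else {"minimalTlsVersion": min_tls}
    return {"type": "Microsoft.Sql/servers", "properties": props}

def flagged(rule, min_tls):
    """Does the rule flag a server with this minimalTlsVersion as non-compliant?"""
    return evaluate(rule, sql_server(min_tls))
```

Running flagged(ORIGINAL_RULE, "None") returns False while flagged(SUGGESTED_RULE, "None") returns True, which is exactly the compliance gap the issue describes.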

If policy is Guest Configuration - details about target node