Azure SQL Database
An Azure relational database service.
5,731 questions
Does the current SQL Database TLS Policy check if nothing is selected?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 48%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPG%3C/text%3E%3C/svg%3E)
Pooja Goel
0
Reputation points
We recently implemented a built-in Azure Policy, that checks for the minimum TLS Version to be 1.2. - https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F32e6bbec-16b6-44c2-be37-c5b672d103cf
When running the policy against our resources, the report returns compliant, whereas on the resource itself, the MinimalTLSVersion is 'None'.
Do we need to tweak the policy to check if nothing is defined?
{count} votes
-
tbgangav-MSFT 10,416 Reputation points2024-06-04T18:50:52.8366667+00:00 Hi @Pooja Goel ,
Yes, I believe you are correct.
I have tested the policy as is by setting one resource with tls less than 1.2 and another resource with tls as none. On doing the compliance scan, I see that resource with tls less than 1.2 is shown as non-compliant whereas another resource with tls as none is shown as compliant! Let me try to tweak the policy to check if nothing is defined and get back with insights after I test it out successfully.
For illustration, check below screenshots.
Compliance details for resource with tls less than 1.2:
Compliance details for resource with tls as none:
Sign in to comment
Sign in to answer