Hi @Rahul Nair Sorry for the delay in response, thank you for your patience.
There are three offerings with Postgres as Platform as Service (PaaS). That includes Azure Database for PostgreSQL – Single Server, Azure Database for PostgreSQL – Flexible Server, Azure Database for PostgreSQL – Hyperscale. When we talk about connection endpoints we offer with these services.
.
•Ensures SSL connection is enforced on MySQL servers- As PaaS service we enforce SSL\TLS client connections for all our offerings by default.
•Ensures logs are configured to be retained for 4 or more days for PostgreSQL servers - Again it’s a PaaS service so logs retained by us, service can be configured to move logs to azure storage as well. log_retention_period parameter can be used to set up retention up to 7 days.
•Ensures connection throttling is enabled for PostgreSQL servers - .That is controlled via Postgres parameter -Connection-Throttling-Enabled | Vulnerability Database | Aqua Security Can be set either via Azure Portal, CLI, etc
•Ensures connection duration logs are enabled for PostgreSQL servers - Set through parameters - How to configure Postgres log settings - Microsoft Tech Community
•Ensures disconnection logs are enabled for PostgreSQL servers- Set through parameters - How to configure Postgres log settings - Microsoft Tech Community
•Ensures connection logs are enabled for PostgreSQL servers- Set through parameters - How to configure Postgres log settings - Microsoft Tech Community
•Ensures log checkpoints are enabled for PostgreSQL servers - Set through parameters - How to configure Postgres log settings - Microsoft Tech Community
•Ensures SSL connections are enforced on PostgreSQL Servers - As PaaS service, we enforce SSL\TLS client connections for all our offerings by default
•Ensures that Active Directory admin is set up on all PostgreSQL servers. That feature can only be enabled in Azure Database for Single Server, it will be implemented in other offerings soon.
•Ensure that your Microsoft Azure PostgreSQL database servers have geo-redundant backups enabled- This feature is only available in Single Server, and only as Preview in Flexible Server.
As stated above checking all this programmatically can be done via CLI on all versions of the service, including Single, Flexible and Hyperscale (az postgres flexible-server | Microsoft Learn, az postgres server | Microsoft Learn)
Regards
Geetha