Ensure that your Microsoft Azure SQL database servers are accessible through private endpoints instead of public IP addresses or service endpoints, in order to eliminate the exposure from the public Internet.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
You can connect to your Azure SQL database servers either publicly, via public IP addresses or service endpoints, or privately, using a private endpoint. A private endpoint connection is associated with a private IP address available within an Azure virtual network. This virtual network usually contains the virtual machines (VMs) that can access your targeted private resource – in this case, the SQL database server.
Note: Private endpoint connections are defined at the SQL server level and they provide access to all databases on the server.
To determine if your Azure SQL database servers are accessible via private endpoints only, perform the following actions:

Note: Auditing Azure SQL database servers for configured private endpoints using Azure CLI or Azure PowerShell is not currently supported.
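As an added example that is not part of this rule page, the following Python check evaluates Microsoft.Sql/servers resource documents (the JSON shape returned by Azure Resource Manager) for private-endpoint-only access: public network access must be Disabled and at least one approved private endpoint connection must exist. The field layout is assumed from the ARM schema, and the server documents are constructed samples.

```python
"""Flag Azure SQL servers that are not restricted to private endpoint access."""
import json

# Constructed sample resource documents (not real servers); IDs are placeholders.
SAMPLE_SERVERS = json.loads("""[
  {"name": "sql-private-01",
   "properties": {
     "publicNetworkAccess": "Disabled",
     "privateEndpointConnections": [
       {"id": "/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.Sql/servers/sql-private-01/privateEndpointConnections/pe-01",
        "properties": {"privateLinkServiceConnectionState": {"status": "Approved"},
                       "provisioningState": "Ready"}}]}},
  {"name": "sql-public-01",
   "properties": {"publicNetworkAccess": "Enabled",
                  "privateEndpointConnections": []}},
  {"name": "sql-pending-01",
   "properties": {
     "publicNetworkAccess": "Disabled",
     "privateEndpointConnections": [
       {"id": "/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.Sql/servers/sql-pending-01/privateEndpointConnections/pe-02",
        "properties": {"privateLinkServiceConnectionState": {"status": "Pending"}}}]}}
]""")


def approved_private_endpoints(server):
    """Return the private endpoint connections whose link state is Approved."""
    conns = server.get("properties", {}).get("privateEndpointConnections") or []
    return [c for c in conns
            if c.get("properties", {}).get("privateLinkServiceConnectionState", {})
                .get("status") == "Approved"]


def assess_sql_server(server):
    """Return (compliant, findings) for one Microsoft.Sql/servers document."""
    findings = []
    props = server.get("properties", {})
    # A missing value is treated as Enabled, the conservative reading for a public-exposure check.
    if props.get("publicNetworkAccess", "Enabled") != "Disabled":
        findings.append("public network access is enabled")
    # A pending or rejected connection does not provide private access; only Approved counts.
    if not approved_private_endpoints(server):
        findings.append("no approved private endpoint connection")
    return (not findings, findings)


def assess_all(servers):
    """Map each server name to its (compliant, findings) result."""
    return {s["name"]: assess_sql_server(s) for s in servers}


if __name__ == "__main__":
    for name, (ok, findings) in assess_all(SAMPLE_SERVERS).items():
        print(f"{name}: {'COMPLIANT' if ok else 'HIGH RISK: ' + '; '.join(findings)}")
```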
Remediation / Resolution
To configure your Microsoft Azure SQL database servers to be accessible via private endpoints only, perform the following actions:
- Azure Official Documentation
- What is Azure Private Link?
- Quickstart: Create a Private Endpoint using Azure portal
- Quickstart: Create a private endpoint using Azure CLI
Check for Publicly Accessible SQL Servers
Risk level: High