Ensure default connection policy is not in use for Azure SQL Server

LOW

Description

Azure SQL Server instances that use the default connection policy go against standard security compliance requirements.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to SQL servers.
  2. Choose the SQL server you wish to edit.
  3. Under Networking, under Connectivity, set Connection policy to Redirect.
  4. Select Save.

In Terraform -

  1. In the azurerm_sql_server resource, set connection_policy to Redirect.
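To verify the Terraform remediation before apply, the following added example (not part of the original policy page or the scanner's own code) checks the JSON form of a plan for `azurerm_sql_server` resources still on the default policy. It assumes the `planned_values` layout produced by `terraform show -json`; the sample plan, resource names and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output
# (planned_values -> root_module -> resources / child_modules). Not real data.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_sql_server.legacy", "type": "azurerm_sql_server",
     "values": {"name": "example-legacy", "connection_policy": "Default"}},
    {"address": "azurerm_sql_server.fixed", "type": "azurerm_sql_server",
     "values": {"name": "example-fixed", "connection_policy": "Redirect"}}
  ],
  "child_modules": [
    {"address": "module.db", "resources": [
      {"address": "module.db.azurerm_sql_server.unset", "type": "azurerm_sql_server",
       "values": {"name": "example-unset"}},
      {"address": "module.db.azurerm_storage_account.logs", "type": "azurerm_storage_account",
       "values": {"name": "examplelogs"}}
    ]}
  ]
}}}
""")

RESOURCE_TYPE = "azurerm_sql_server"


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_default_policy_servers(plan):
    """Return addresses of SQL servers whose connection_policy is Default or unset."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        policy = (res.get("values") or {}).get("connection_policy")
        # Assumption: an omitted argument means the default policy applies.
        if policy is None or policy.strip().lower() == "default":
            failing.append(res["address"])
    return failing


if __name__ == "__main__":
    for address in find_default_policy_servers(SAMPLE_PLAN):
        print(f"FAIL AC_AZURE_0258 {address}: set connection_policy to Redirect")
```

Servers declared inside modules are caught because the walk recurses through `child_modules`; a check that reads only the root module's resources would miss them.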

References:
https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings?view=azuresql&tabs=azure-portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_server

Policy Details

Rule Reference ID: AC_AZURE_0258
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: SQL Server

Frameworks