![]() ![]() ![]() By specifying the service tag name in the appropriate source or destination field of a rule, you can allow or deny the traffic for the corresponding service. You can use service tags in place of specific IP addresses when creating security rules. SupportedĬonfiguration Guidance: Use Azure Virtual Network Service Tags to define network access controls on network security groups or Azure Firewall configured for your Azure SQL resources. Reference: Use virtual network service endpoints and rules for servers in Azure SQL Database Network Security Group Supportĭescription: Service network traffic respects Network Security Groups rule assignment on its subnets. Assign private IPs to the resource (where applicable) unless there is a strong reason to assign public IPs directly to the resource. SupportedĬonfiguration Guidance: Deploy the service into a virtual network. NS-1: Establish network segmentation boundaries Features Virtual Network Integrationĭescription: Service supports deployment into customer's private Virtual Network (VNet). Service can be deployed into customer's virtual networkįor more information, see the Microsoft cloud security benchmark: Network security. The security profile summarizes high-impact behaviors of Azure SQL, which may result in increased security considerations. To see how Azure SQL completely maps to the Microsoft cloud security benchmark, see the full Azure SQL security baseline mapping file. Features not applicable to Azure SQL have been excluded.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |