[Policy]: Add "Azure SQL Database should have Microsoft Entra-only authentication enabled" to "Enforce-Guardrails-SQL"

### Policy Definition or Initiative

Definition

### Built-in/Custom

Built-in

### Built-in policy definition or initiative ID

b3a22bc9-66de-45fb-98fa-00f5df42f41a

### Custom policy definition or initiative description

N/A

### Scope

Intermediate Root

### Default Assignment

- [ ] Yes

### Comments/thoughts

The _Enforce-Guardrails-SQL_ initiative currently only includes _Azure SQL Database should have Microsoft Entra-only authentication enabled **during creation**_. App teams are thus able to disable Entra-only authentication after initial deployment.

Adding the policy _Azure SQL Database should have Microsoft Entra-only authentication enabled_ would close this loophole.

BTW the same situation applies to the initiative "Enforce-Guardrails-CosmosDb", so maybe this is by design? 

Thanks for looking into it!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Policy]: Add "Azure SQL Database should have Microsoft Entra-only authentication enabled" to "Enforce-Guardrails-SQL" #2030

Policy Definition or Initiative

Built-in/Custom

Built-in policy definition or initiative ID

Custom policy definition or initiative description

Scope

Default Assignment

Comments/thoughts

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Policy]: Add "Azure SQL Database should have Microsoft Entra-only authentication enabled" to "Enforce-Guardrails-SQL" #2030

Description

Policy Definition or Initiative

Built-in/Custom

Built-in policy definition or initiative ID

Custom policy definition or initiative description

Scope

Default Assignment

Comments/thoughts

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions