From 1f5d3bc0ed92b1c4fc8419495fecb3035e5f8a4e Mon Sep 17 00:00:00 2001
From: Jurjen Ladenius Effectory
Date: Thu, 15 May 2025 14:32:07 +0000
Subject: [PATCH] Merged PR 59561: Require TLS 1.2 or 1.3 in policy #117286

Require TLS 1.2 or 1.3 in policy #117286

Related work items: #117286
---
 ...ld only accept TLS 1.2 or higher (v5).json | 115 ++++++++++++++++++
 Powershell/Lists/SQL/SQLUserCheck.ps1 | 4 +-
 2 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 Policies/Web Applications should only accept TLS 1.2 or higher (v5).json

diff --git a/Policies/Web Applications should only accept TLS 1.2 or higher (v5).json b/Policies/Web Applications should only accept TLS 1.2 or higher (v5).json
new file mode 100644
index 0000000..41ae0fa
--- /dev/null
+++ b/Policies/Web Applications should only accept TLS 1.2 or higher (v5).json
@@ -0,0 +1,115 @@
+{
+ "mode": "All",
+ "policyRule": {
+ "if": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.Web/sites"
+ },
+ {
+ "field": "Microsoft.Web/sites/httpsOnly",
+ "notEquals": "true"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.Web/sites/slots"
+ },
+ {
+ "field": "Microsoft.Web/sites/slots/httpsOnly",
+ "notEquals": "true"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.Web/sites/config"
+ },
+ {
+ "field": "name",
+ "notLike": "connectionstrings"
+ },
+ {
+ "field": "name",
+ "notLike": "backup"
+ },
+ {
+ "field": "name",
+ "notLike": "authsettingsV2"
+ },
+ {
+ "field": "name",
+ "notLike": "authsettings"
+ },
+ {
+ "field": "name",
+ "notLike": "appsettings"
+ },
+ {
+ "field": "Microsoft.Web/sites/config/minTlsVersion",
+ "less": "1.2"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.Web/sites/slots/config"
+ },
+ {
+ "field": "name",
+ "notLike": "connectionstrings"
+ },
+ {
+ "field": "name",
+ "notLike": "backup"
+ },
+ {
+ "field": "name",
+ "notLike": "authsettingsV2"
+ },
+ {
+ "field": "name",
+ "notLike": "authsettings"
+ },
+ {
+ "field": "name",
+ "notLike": "appsettings"
+ },
+ {
+ "field": "Microsoft.Web/sites/slots/config/minTlsVersion",
+ "less": "1.2"
+ }
+ ]
+ }
+ ]
+ },
+ "then": {
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "parameters": {
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "Audit",
+ "deny",
+ "Disabled"
+ ],
+ "defaultValue": "Audit"
+ }
+ }
+ }
\ No newline at end of file
diff --git a/Powershell/Lists/SQL/SQLUserCheck.ps1 b/Powershell/Lists/SQL/SQLUserCheck.ps1
index e38dc02..36e2784 100644
--- a/Powershell/Lists/SQL/SQLUserCheck.ps1
+++ b/Powershell/Lists/SQL/SQLUserCheck.ps1
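Review bot: The two `minTlsVersion` conditions only match when the property is present and compares `less` than `"1.2"`, so a config resource evaluated without that property may pass the rule; I can't tell from the hunk how a missing field is evaluated here, and with `deny` among the allowed effects it is worth testing against a site that never sets the value. If absence should count as non-compliant, pair the comparison with `{ "field": "Microsoft.Web/sites/config/minTlsVersion", "exists": "false" }` (and the slots equivalent); that in turn needs the five `notLike` name exclusions replaced by a positive match on the config that carries the setting, otherwise every unlisted config type would be flagged. The comparison is on strings, which orders the current 1.0–1.3 values as intended but is not a version compare. Minor: `allowedValues` mixes casing, with `"deny"` next to `"Audit"` and `"Disabled"`; `"Deny"` would be consistent.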
@@ -21,7 +21,9 @@ class UserItem { [string] $AuthenticationType = "" } -$serverList= @('c0m7f8nybr.database.windows.net','calculations.database.windows.net','effectory.database.windows.net','effectorycore.database.windows.net', 'logit-backup.database.windows.net', 'mhpfktialk.database.windows.net', 'participants.database.windows.net', 'signin-effectory.database.windows.net', 'sqlserver01prod.6a1f4aa9f43a.database.windows.net') +$serverList= @('c0m7f8nybr.database.windows.net','calculations.database.windows.net','effectory.database.windows.net','effectorycore.database.windows.net', +'logit-backup.database.windows.net', 'mhpfktialk.database.windows.net', 'participants.database.windows.net', 'signin-effectory.database.windows.net', +'sqlserver01prod.6a1f4aa9f43a.database.windows.net') # 'sqlserver01test.164709c94fb0.database.windows.net', 'replication.database.windows.net',