Azure-SQLServer-SQL-Server-Private-Endpoints-Configured

Severity : High

Description: This control ensures that private endpoint connections are enabled on Azure SQL Database. An Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. The private endpoint uses a private IP address from your virtual network, effectively bringing the service into that virtual network. When private endpoints are used for Azure services, traffic is secured to a specific private link resource: the platform performs access control so that network connections reach only the specified private link resource. This provides an extra network security layer with built-in exfiltration protection, because access to other resources hosted on the same Azure service is prevented. Note that a private endpoint does not by itself disable the server's public network access; that setting should be reviewed separately.

Remediation Steps:

Perform the following to configure a private endpoint:

  1. Log in to the Azure Portal at https://portal.azure.com.

  2. Navigate to SQL databases.

  3. Select the SQL Database to be remediated.

  4. Under Security, select Private endpoint connections.

  5. Click + Private endpoint.

  6. Under the Basics tab, enter the Project details and Instance details.

  7. Select Next.

  8. Under the Resource tab, enter the Connection method and Subscription.

  9. For Resource type, select Sql/servers.

  10. For Resource, select the SQL server name.

  11. For Target sub-resource, select sqlServer.

  12. Select Next.

  13. Under the Configuration tab, select the Virtual network and Subnet.

  14. Select Yes for Integrate with private DNS zone.

  15. Select your Subscription and Private DNS zone.

  16. Select Next.

  17. Add Tags.

  18. Select Next.

  19. Under Review + create, select Create.
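After the portal steps above, a practitioner usually wants to verify the result programmatically rather than by eye. The following is an added audit example written for this page, not Blue Hexagon's own check: it evaluates a Microsoft.Sql/servers resource in the JSON shape returned by `az sql server show` (that shape is an assumption; confirm it against your CLI version), passes only when an Approved private endpoint connection exists, and flags the public network access setting, which a private endpoint does not change. The sample records and the subscription ID in them are constructed placeholders.

```python
"""Audit Azure SQL logical servers for an approved private endpoint connection.

Input is the Microsoft.Sql/servers resource as returned by `az sql server show`
(shape assumed here; check it against your CLI version before relying on it).
"""
from typing import Dict, List


def approved_private_endpoints(server: Dict) -> List[str]:
    """Return IDs of private endpoints whose connection state is Approved.
    Pending or Rejected connections carry no traffic, so they do not count."""
    approved = []
    for conn in server.get("privateEndpointConnections") or []:
        props = conn.get("properties", {})
        state = props.get("privateLinkServiceConnectionState") or {}
        if state.get("status") == "Approved":
            approved.append((props.get("privateEndpoint") or {}).get("id", "<unknown>"))
    return approved


def evaluate_server(server: Dict) -> Dict:
    """Map one server to a PASS/FAIL result plus the context a reviewer wants."""
    endpoints = approved_private_endpoints(server)
    warnings = []
    public = server.get("publicNetworkAccess", "Enabled")
    if public != "Disabled":
        # A private endpoint does not by itself close the public listener.
        warnings.append(f"publicNetworkAccess is {public}")
    return {
        "server": server.get("name"),
        "status": "PASS" if endpoints else "FAIL",
        "approved_private_endpoints": endpoints,
        "warnings": warnings,
    }


# Constructed sample records, not real Azure output; the subscription ID is a placeholder.
PE = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/Microsoft.Network/privateEndpoints/"


def _conn(name: str, status: str) -> Dict:
    return {"properties": {"privateEndpoint": {"id": PE + name},
                           "privateLinkServiceConnectionState": {"status": status}}}


COMPLIANT = {"name": "sql-prod", "publicNetworkAccess": "Disabled",
             "privateEndpointConnections": [_conn("pe-sql-prod", "Approved"),
                                            _conn("pe-sql-stale", "Pending")]}
NONCOMPLIANT = {"name": "sql-dev", "publicNetworkAccess": "Enabled",
                "privateEndpointConnections": [_conn("pe-sql-dev", "Pending")]}

if __name__ == "__main__":
    for server in (COMPLIANT, NONCOMPLIANT):
        print(evaluate_server(server))
```

Feed it `az sql server show --name <server> --resource-group <group> --output json` parsed with `json.load` to run it against a real server.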

Important:

Reference:

Blue Hexagon Proprietary