Remediation
From Azure Portal
- Go to SQL servers.
- For each SQL server:
- Under Security, click Networking.
- Uncheck Allow Azure services and resources to access this server.
- Set firewall rules to limit access to only authorized connections.
- Click Save.
From Azure CLI
Disable the default firewall rule Allow access to Azure services:
az sql server firewall-rule delete --resource-group <resource group> --server <sql server name> --name "AllowAllWindowsAzureIps"
Remove a custom firewall rule:
az sql server firewall-rule delete --resource-group <resource group> --server <sql server name> --name <firewall rule name>
Create a firewall rule:
az sql server firewall-rule create --resource-group <resource group> --server <sql server name> --name <firewall rule name> --start-ip-address "<IP Address other than 0.0.0.0>" --end-ip-address "<IP Address other than 0.0.0.0 or 255.255.255.255>"
Update a firewall rule:
az sql server firewall-rule update --resource-group <resource group> --server <sql server name> --name <firewall rule name> --start-ip-address "<IP Address other than 0.0.0.0>" --end-ip-address "<IP Address other than 0.0.0.0 or 255.255.255.255>"
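A check to run after the Azure CLI steps above, as an added example that is not part of the original page: it flags any remaining rule that matches the conditions this remediation targets and reports the size of each allowed range. The function names and the sample rules are constructed for illustration, and the input is assumed to be the tab-separated output of the list command shown in the first comment.

```shell
# Constructed sample, in the tab-separated form printed by:
#   az sql server firewall-rule list --resource-group <resource group> \
#     --server <sql server name> \
#     --query "[].[name,startIpAddress,endIpAddress]" --output tsv
SAMPLE_RULES="$(printf '%s\t%s\t%s\n' \
    AllowAllWindowsAzureIps 0.0.0.0 0.0.0.0 \
    office-vpn 203.0.113.10 203.0.113.20 \
    legacy-any 0.0.0.0 255.255.255.255 \
    wide-open-end 198.51.100.1 255.255.255.255)"

# Convert a dotted-quad IPv4 address to an integer so range size can be reported.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Echo "OK" or "FAIL: <reason>" for one rule (name, start, end), using only the
# conditions the remediation names: the default rule, a 0.0.0.0 start address,
# or an end address of 0.0.0.0 or 255.255.255.255.
classify_rule() {
    if [ "$1" = "AllowAllWindowsAzureIps" ]; then
        echo "FAIL: default Allow Azure services rule"
    elif [ "$2" = "0.0.0.0" ]; then
        echo "FAIL: start address is 0.0.0.0"
    elif [ "$3" = "0.0.0.0" ] || [ "$3" = "255.255.255.255" ]; then
        echo "FAIL: end address is $3"
    else
        echo "OK"
    fi
}

# Read name<TAB>start<TAB>end lines on stdin, print a verdict and the number of
# addresses each rule admits, and return 1 if any rule is flagged.
audit_rules() {
    flagged=0
    while IFS="$(printf '\t')" read -r name start end; do
        [ -n "$name" ] || continue
        verdict=$(classify_rule "$name" "$start" "$end")
        size=$(( $(ip_to_int "$end") - $(ip_to_int "$start") + 1 ))
        echo "$name $start-$end ($size addresses): $verdict"
        case $verdict in FAIL*) flagged=1 ;; esac
    done
    return $flagged
}

printf '%s\n' "$SAMPLE_RULES" | audit_rules || echo "non-compliant rules present"
```

Rules reported as OK still need a manual review against the list of authorized connections; the address count is there to make unexpectedly wide ranges easy to spot.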
From PowerShell
Disable the default firewall rule Allow access to Azure services:
Remove-AzSqlServerFirewallRule -FirewallRuleName "AllowAllWindowsAzureIps" -ResourceGroupName <resource group name> -ServerName <server name>
Remove a custom Firewall rule:
Remove-AzSqlServerFirewallRule -FirewallRuleName "<firewall rule name>" -ResourceGroupName <resource group name> -ServerName <server name>
Set the appropriate firewall rules:
Set-AzSqlServerFirewallRule -ResourceGroupName <resource group name> -ServerName <server name> -FirewallRuleName "<firewall rule name>" -StartIpAddress "<IP Address other than 0.0.0.0>" -EndIpAddress "<IP Address other than 0.0.0.0 or 255.255.255.255>"