Remediation
From Azure Portal
- Go to SQL servers.
- For each SQL server:
  - Under Security, click Networking.
  - Uncheck Allow Azure services and resources to access this server.
  - Set firewall rules to limit access to only authorized connections.
  - Click Save.
From Azure CLI
Disable the default firewall rule "Allow access to Azure services":
az sql server firewall-rule delete \
--resource-group {{resource-group-name}} \
--server {{sql-server-name}} \
--name "AllowAllWindowsAzureIps"
Remove a custom firewall rule:
az sql server firewall-rule delete \
--resource-group {{resource-group-name}} \
--server {{sql-server-name}} \
--name {{firewall-rule-name}}
Create a firewall rule:
az sql server firewall-rule create \
--resource-group {{resource-group-name}} \
--server {{sql-server-name}} \
--name {{firewall-rule-name}} \
--start-ip-address "{{ip-address-other-than-0-0-0-0}}" \
--end-ip-address "{{ip-address-other-than-0-0-0-0-or-255-255-255-255}}"
Update a firewall rule:
az sql server firewall-rule update \
--resource-group {{resource-group-name}} \
--server {{sql-server-name}} \
--name {{firewall-rule-name}} \
--start-ip-address "{{ip-address-other-than-0-0-0-0}}" \
--end-ip-address "{{ip-address-other-than-0-0-0-0-or-255-255-255-255}}"
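To check which rules remain on a server after remediation, the script below classifies each rule by its address range. It is an added example, not part of the original guidance; the 256-address threshold, the function names and the sample rules are assumptions.

```sh
#!/bin/sh
# stdin: one rule per line as name<TAB>start<TAB>end, e.g. the output of
#   az sql server firewall-rule list \
#     --resource-group {{resource-group-name}} --server {{sql-server-name}} \
#     --query "[].[name,startIpAddress,endIpAddress]" --output tsv
MAX_RANGE=256   # assumed policy threshold: wider ranges are flagged

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Print a verdict for one rule: AZURE_SERVICES, OPEN_RANGE, WIDE_RANGE or OK.
classify_rule() {
    start=$1; end=$2
    if [ "$start" = "0.0.0.0" ] && [ "$end" = "0.0.0.0" ]; then
        echo AZURE_SERVICES   # the "Allow access to Azure services" rule
    elif [ "$start" = "0.0.0.0" ] || [ "$end" = "255.255.255.255" ]; then
        echo OPEN_RANGE       # boundary values the remediation says to avoid
    elif [ $(( $(ip_to_int "$end") - $(ip_to_int "$start") + 1 )) -gt "$MAX_RANGE" ]; then
        echo WIDE_RANGE       # more addresses than MAX_RANGE allows
    else
        echo OK
    fi
}

# Read rules from stdin and print verdict, name and range for each rule that is not OK.
audit_rules() {
    tab=$(printf '\t')
    while IFS=$tab read -r name start end; do
        verdict=$(classify_rule "$start" "$end")
        [ "$verdict" = "OK" ] || printf '%s\t%s\t%s-%s\n' "$verdict" "$name" "$start" "$end"
    done
}

# Constructed sample rules (not taken from a real server).
sample_rules() {
    printf '%s\t%s\t%s\n' \
        AllowAllWindowsAzureIps 0.0.0.0 0.0.0.0 \
        office 203.0.113.10 203.0.113.20 \
        legacy-any 0.0.0.0 255.255.255.255 \
        vendor 198.51.100.0 198.51.103.255
}

sample_rules | audit_rules   # demo run on the constructed sample
```

Any line printed for a real server after remediation names a rule that still needs to be removed or narrowed.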
From PowerShell
Disable the default firewall rule "Allow access to Azure services":
Remove-AzSqlServerFirewallRule `
-FirewallRuleName "AllowAllWindowsAzureIps" `
-ResourceGroupName {{resource-group-name}} `
-ServerName {{sql-server-name}}
Remove a custom firewall rule:
Remove-AzSqlServerFirewallRule `
-FirewallRuleName "{{firewall-rule-name}}" `
-ResourceGroupName {{resource-group-name}} `
-ServerName {{sql-server-name}}
Set the appropriate firewall rules:
Set-AzSqlServerFirewallRule `
-ResourceGroupName {{resource-group-name}} `
-ServerName {{sql-server-name}} `
-FirewallRuleName "{{firewall-rule-name}}" `
-StartIpAddress "{{ip-address-other-than-0-0-0-0}}" `
-EndIpAddress "{{ip-address-other-than-0-0-0-0-or-255-255-255-255}}"