AZ-022 Microsoft Azure

SQL server firewall does not allow 0.0.0.0 (all internet).

SQL server firewall does not allow 0.0.0.0 (all internet).

Domain
Microsoft Azure
Area
Database (SQL)
Automated / manual
Automated

Risk if it fails

Open DB firewall = direct internet exposure.

A database open to the entire internet is directly attackable; attackers brute-force the login or exploit a flaw and walk away with the whole dataset.

How Tess tests it

1 test — each concludes only on cited evidence.

SQL server firewall does not allow 0.0.0.0 (all internet).

Automated
Procedure
Confirm no firewall rule spans 0.0.0.0-255.255.255.255.

Read-only command 

az sql server firewall-rule list --resource-group <rg> --server <server> -o table

More in Microsoft Azure

AZ-001 MFA is enforced for all users, especially privileged roles. AZ-002 Number of Global Administrators is limited (typically 2-4). AZ-003 Privileged Identity Management (PIM) provides just-in-time elevation. AZ-004 Legacy/basic authentication is blocked.

Want Tess to test AZ-022 against your evidence?

Book a demo