Skip to content

Add SQL license type compliance Azure Policy samples#1490

Open
claestom wants to merge 1 commit into
microsoft:masterfrom
claestom:add-sql-license-type-policies
Open

Add SQL license type compliance Azure Policy samples#1490
claestom wants to merge 1 commit into
microsoft:masterfrom
claestom:add-sql-license-type-policies

Conversation

@claestom

Copy link
Copy Markdown
Contributor

Add SQL license type compliance Azure Policy samples

Summary

Adds four self-contained Azure Policy samples under samples/manage/ that detect and remediate the licenseType setting (Azure Hybrid Benefit vs. Pay-As-You-Go) across the SQL resource family. Each sample includes a custom policy definition, a deployment script, a remediation script, and a README.

What's included

Resource type Path Resource provider Effect
SQL Managed Instance samples/manage/azure-sql-db-managed-instance/sql-mi-license-type-compliance/ Microsoft.Sql/managedInstances DeployIfNotExists
SQL Server on Azure VM (IaaS) samples/manage/sql-vm/sql-iaas-license-type-compliance/ Microsoft.SqlVirtualMachine/sqlVirtualMachines DeployIfNotExists
Azure SQL Database (PaaS) samples/manage/azure-sql-db/sql-paas-license-type-compliance/ Microsoft.Sql/servers/databases DeployIfNotExists
ADF SSIS Integration Runtime samples/manage/azure-data-factory-ssis/sql-ssis-license-type-compliance/ Microsoft.DataFactory/factories/integrationRuntimes AuditIfNotExists

Each sample contains

  • policy/azurepolicy.json — custom policy definition.
  • scripts/deployment.ps1 — creates/updates the policy definition and assignment.
  • scripts/start-remediation.ps1 — remediates non-compliant resources.
  • README.md — overview, license-type mapping, and step-by-step usage.

Notes

  • The SSIS Integration Runtime must be stopped before remediation. Changing licenseType requires the IR to be in Initial/Stopped state, so start-remediation.ps1 stops the IR, sets the new licenseType, then restarts it. Plan remediation during a maintenance window, as the IR is briefly unavailable.
  • The SSIS sample uses AuditIfNotExists rather than DeployIfNotExists: because the IR must be stopped first (and a partial ARM PUT would null out computeProperties), automatic DeployIfNotExists remediation isn't supported. Remediation is performed via Set-AzDataFactoryV2IntegrationRuntime (internal GET → merge → PUT), consistent with the existing Microsoft sample enable-payg-for-azure-sql.ps1.
  • All in-repo download links and policy metadata (helpLink, source) point to the microsoft/sql-server-samples master paths.

Testing

  • Policy definitions validated as well-formed JSON.
  • Deployment and remediation scripts exercised against the corresponding SQL resource types.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant