Azure Database Support Blog
Disallowing changing Azure SQL database connection policy using Azure policy

Sabrin_Alsahsah
Sep 11, 2025

In this blog article, we will cover how to use a custom Azure Policy definition to prevent users from changing the Azure SQL Database connection policy.

Azure SQL Database has three options for the connection policy (default, redirect, and proxy). For more information about these options, see: Connectivity architecture - Azure SQL Database and SQL database in Fabric | Microsoft Learn

We had a scenario where a user wanted to force the proxy connection policy and disallow changing it to either redirect or default because of the port range. The steps below will help you achieve this:

1) In the Azure portal, open Azure Policy, then the Definitions blade.

2) Create a new policy definition.

3) Add the definition location (which subscription will be hosting this policy), Name, and description.

4) Set the category to "Use existing" and select SQL.

5) Then add the below policy definition into the rule field:

Note: you can adjust the definition below to use a different value, for example redirect if you are planning to force the redirect connection policy. This can be changed on line 13 of the code below.

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Sql/servers/connectionPolicies"
        },
        {
          "not": {
            "field": "Microsoft.Sql/servers/connectionPolicies/connectionType",
            "equals": "Proxy"
          }
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {}
}

 

6) Then save the policy.
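
The decision logic of the rule in step 5, as an added example that is not part of the original article: a small evaluator covering only the allOf, not and field/equals constructs this rule uses, run against constructed requests. The helper names (matches, decide, request) and the flat resource dictionary are assumptions for illustration; Azure evaluates the real rule on the service side.

```python
import json

# The policyRule from step 5, embedded so the example runs offline.
POLICY = json.loads("""
{
  "if": {
    "allOf": [
      {"field": "type", "equals": "Microsoft.Sql/servers/connectionPolicies"},
      {"not": {"field": "Microsoft.Sql/servers/connectionPolicies/connectionType",
               "equals": "Proxy"}}
    ]
  },
  "then": {"effect": "deny"}
}
""")

CONN_POLICY_TYPE = "Microsoft.Sql/servers/connectionPolicies"
ALIAS = CONN_POLICY_TYPE + "/connectionType"


def matches(cond, resource):
    """Evaluate the subset of conditions this rule uses (hypothetical helper)."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    if "field" in cond and "equals" in cond:
        actual = resource.get(cond["field"])
        # String comparison is case-insensitive, as with Azure Policy's equals.
        return actual is not None and str(actual).lower() == str(cond["equals"]).lower()
    raise ValueError(f"unsupported condition: {cond}")


def decide(rule, resource):
    """Return the rule's effect when the 'if' block matches, otherwise 'allow'."""
    return rule["then"]["effect"] if matches(rule["if"], resource) else "allow"


def request(resource_type, connection_type):
    """Constructed stand-in for the properties a write request carries."""
    return {"type": resource_type, ALIAS: connection_type}


if __name__ == "__main__":
    for ct in ("Default", "Redirect", "Proxy"):
        print(f"{ct:9} -> {decide(POLICY, request(CONN_POLICY_TYPE, ct))}")
    # A resource of another type never matches the first condition.
    print(decide(POLICY, request("Microsoft.Sql/servers/databases", "Redirect")))
```

Only a request that sets the connection type to Proxy passes; changing the value on line 13 to Redirect would invert which single value is allowed.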

 

Now that the policy definition has been created, you can add an assignment that specifies which resources the policy applies to.

From the Azure Policy page, open the Definitions blade, select the custom policy you created, and click Assign policy (you can assign it at the subscription level or to a specific resource group, depending on your business requirements).

After the assignment, if you try to change the connection policy, you should see the error below:

Failed to update server connection policy for server servername.Error: Resource 'default' was disallowed by policy.

Disclaimer
Please note that products and options presented in this article are subject to change. This article reflects the state of Azure SQL Database in September 2025.

I hope this article was helpful for you. Please feel free to share your feedback in the comments section.

Updated Sep 11, 2025
Version 3.0