diff --git a/azure-resources/Network/connections/kql/f6a14b32-a727-4ace-b5fa-7b1c6bdff402.kql b/azure-resources/Network/connections/kql/f6a14b32-a727-4ace-b5fa-7b1c6bdff402.kql index c39397d1..57dc44f0 100644 --- a/azure-resources/Network/connections/kql/f6a14b32-a727-4ace-b5fa-7b1c6bdff402.kql +++ b/azure-resources/Network/connections/kql/f6a14b32-a727-4ace-b5fa-7b1c6bdff402.kql @@ -16,4 +16,4 @@ resources | where not(erGatewayBypass) or not(privateLinkFastPath) | project recommendationId = "f6a14b32-a727-4ace-b5fa-7b1c6bdff402", id, name, tags, param1 = iff(erGatewayBypass, "Enabled: Gateway Bypass", "Disabled: Gateway Bypass"), - param2 = iff(privateLinkFastPath, "Enabled: PE FastPath", "Disabled: PE FastPath"), + param2 = iff(privateLinkFastPath, "Enabled: PE FastPath", "Disabled: PE FastPath") diff --git a/azure-resources/Sql/managedInstances/kql/15e2712c-f3ea-4a8d-9081-11e822b1ccfb.kql b/azure-resources/Sql/managedInstances/kql/15e2712c-f3ea-4a8d-9081-11e822b1ccfb.kql index 82565937..c17635fd 100644 --- a/azure-resources/Sql/managedInstances/kql/15e2712c-f3ea-4a8d-9081-11e822b1ccfb.kql +++ b/azure-resources/Sql/managedInstances/kql/15e2712c-f3ea-4a8d-9081-11e822b1ccfb.kql @@ -1,2 +1,8 @@ -// under-development - +// Azure Resource Graph Query +// Managed Instance storage backup redundancy check – any server that is not configured for GZRS +resources +| where type =~ 'Microsoft.Sql/managedInstances' +| extend backupredundancy=properties.storageAccountType +| extend ServiceTier = sku.tier +| where backupredundancy != 'GeoZone' +| project recommendationId='15e2712c-f3ea-4a8d-9081-11e822b1ccfb', name, id, param1=strcat('Service Tier:', ServiceTier), param2=strcat('Backup Redundancy:', backupredundancy) diff --git a/azure-resources/Sql/managedInstances/kql/257cd903-700f-4a79-bd37-7dce2b511df4.kql b/azure-resources/Sql/managedInstances/kql/257cd903-700f-4a79-bd37-7dce2b511df4.kql index 82565937..fa5cad25 100644 --- a/azure-resources/Sql/managedInstances/kql/257cd903-700f-4a79-bd37-7dce2b511df4.kql +++ b/azure-resources/Sql/managedInstances/kql/257cd903-700f-4a79-bd37-7dce2b511df4.kql @@ -1,2 +1 @@ -// under-development - +// cannot-be-validated-with-arg diff --git a/azure-resources/Sql/managedInstances/kql/9fad5392-b852-4807-9b6d-3f700ff9771a.kql b/azure-resources/Sql/managedInstances/kql/9fad5392-b852-4807-9b6d-3f700ff9771a.kql index 82565937..fa5cad25 100644 --- a/azure-resources/Sql/managedInstances/kql/9fad5392-b852-4807-9b6d-3f700ff9771a.kql +++ b/azure-resources/Sql/managedInstances/kql/9fad5392-b852-4807-9b6d-3f700ff9771a.kql @@ -1,2 +1 @@ -// under-development - +// cannot-be-validated-with-arg diff --git a/azure-resources/Sql/managedInstances/kql/c14de326-2729-4be7-a91f-4ea185d24b10.kql b/azure-resources/Sql/managedInstances/kql/c14de326-2729-4be7-a91f-4ea185d24b10.kql index 82565937..387aab17 100644 --- a/azure-resources/Sql/managedInstances/kql/c14de326-2729-4be7-a91f-4ea185d24b10.kql +++ b/azure-resources/Sql/managedInstances/kql/c14de326-2729-4be7-a91f-4ea185d24b10.kql @@ -1,2 +1,7 @@ -// under-development - +// Azure Resource Graph Query +// Use Redirect connection type to accelerate application access +resources +| where type =~ 'Microsoft.Sql/managedInstances' +| extend connectionpolicy=properties.proxyOverride +| where connectionpolicy != 'Redirect' +| project recommendationId='c14de326-2729-4be7-a91f-4ea185d24b10', name, id, tags, param1=strcat('Connection Policy:', connectionpolicy) diff --git a/azure-resources/Sql/managedInstances/kql/c9afeb1e-e706-4809-be4e-75d9fac708f2.kql b/azure-resources/Sql/managedInstances/kql/c9afeb1e-e706-4809-be4e-75d9fac708f2.kql index 82565937..fa5cad25 100644 --- a/azure-resources/Sql/managedInstances/kql/c9afeb1e-e706-4809-be4e-75d9fac708f2.kql +++ b/azure-resources/Sql/managedInstances/kql/c9afeb1e-e706-4809-be4e-75d9fac708f2.kql @@ -1,2 +1 @@ -// under-development - +// cannot-be-validated-with-arg diff --git a/azure-resources/Sql/managedInstances/kql/f8f834a9-c761-4e84-b2cb-ac55494d0c37.kql b/azure-resources/Sql/managedInstances/kql/f8f834a9-c761-4e84-b2cb-ac55494d0c37.kql index 82565937..6b1071ef 100644 --- a/azure-resources/Sql/managedInstances/kql/f8f834a9-c761-4e84-b2cb-ac55494d0c37.kql +++ b/azure-resources/Sql/managedInstances/kql/f8f834a9-c761-4e84-b2cb-ac55494d0c37.kql @@ -1,2 +1,9 @@ -// under-development - +// Azure Resource Graph Query +// Managed Instance zone redundancy check – any server that is not configured for ZR +resources +| where type =~ 'Microsoft.Sql/managedInstances' +| extend InstanceName = properties.fullyQualifiedDomainName +| extend ServiceTier = sku.tier +| extend zoneRedundant=properties.zoneRedundant +| where zoneRedundant == 'false' +| project recommendationId='f8f834a9-c761-4e84-b2cb-ac55494d0c37', name, id, tags, param1=strcat('Service Tier:', ServiceTier), param2=strcat('Zone Redundant:', zoneRedundant) diff --git a/azure-resources/Sql/managedInstances/recommendations.yaml b/azure-resources/Sql/managedInstances/recommendations.yaml index 592b63b1..be93d21d 100644 --- a/azure-resources/Sql/managedInstances/recommendations.yaml +++ b/azure-resources/Sql/managedInstances/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Enable zone redundancy for Azure SQL Managed Instance to achieve high availability and resiliency +- description: Enable zone redundancy for Azure SQL Managed Instance to improve high availability and resiliency aprlGuid: f8f834a9-c761-4e84-b2cb-ac55494d0c37 recommendationTypeId: null recommendationControl: High Availability @@ -6,11 +6,11 @@ recommendationResourceType: Microsoft.Sql/managedInstances recommendationMetadataState: Active longDescription: | - By default, Azure SQL Database premium tier provisions multiple copies within the same region. For geo redundancy, databases can be set as Zone Redundant, distributing copies across Azure Availability Zones to maintain availability during regional outages. + Azure SQL Managed Instance offers built-in availability by deploying multiple replicas in the same zone. For higher availability, use a zone-redundant configuration that spreads replicas across three Azure availability zones, each with independent power, cooling, and networking. potentialBenefits: Enhanced availability and reliability pgVerified: false publishedToLearn: false - automationAvailable: false + automationAvailable: True tags: null learnMoreLink: - name: High availability through zone-redundancy @@ -19,16 +19,16 @@ - description: Use Zone-redundant or Geo-zone-redundant Backup storage redundancy aprlGuid: 15e2712c-f3ea-4a8d-9081-11e822b1ccfb recommendationTypeId: null - recommendationControl: High Availability + recommendationControl: Disaster Recovery recommendationImpact: High recommendationResourceType: Microsoft.Sql/managedInstances recommendationMetadataState: Active longDescription: | - This copies your backups synchronously across three Azure availability zones in the primary region, if Geo is selected it creates 3 more copies in a secondary region. + Configuring zone redundancy option for backups copies your backup file synchronously across three Azure availability zones in the primary region. If Geo is selected, then it copies your data asynchronously three times to a single physical location in the paired secondary region. potentialBenefits: Enhanced availability and reliability pgVerified: false publishedToLearn: false - automationAvailable: false + automationAvailable: True tags: null learnMoreLink: - name: Backup storage redundancy @@ -42,11 +42,11 @@ recommendationResourceType: Microsoft.Sql/managedInstances recommendationMetadataState: Active longDescription: | - Redirect mode enables direct connectivity to the instance resulting in improved latency and throughput. Redirect mode applies to the VNet-local endpoint only, while the public endpoint will always default to Proxy connection mode. + Redirect mode enables direct connectivity to the instance bypassing the local gateway component and resulting in improved latency and throughput. Redirect mode applies to the VNet-local endpoint only, while the public and private endpoint will always operate in Proxy connection mode. potentialBenefits: Improved latency and throughput pgVerified: false publishedToLearn: false - automationAvailable: false + automationAvailable: True tags: null learnMoreLink: - name: Connection types @@ -60,7 +60,7 @@ recommendationResourceType: Microsoft.Sql/managedInstances recommendationMetadataState: Active longDescription: | - If an outage impacts one or more of the databases in the managed instance, you can manually or automatically failover all the databases inside the instance to a secondary region. + During an outage on the managed instance, use the failover group to switch all databases to a secondary region, either manually or automatically. Route connections to the failover group’s listener instead of the primary instance to avoid changing the connection string after geo-failover. potentialBenefits: Ensure seamless service with cross-region failover pgVerified: false publishedToLearn: false @@ -78,7 +78,7 @@ recommendationResourceType: Microsoft.Sql/servers recommendationMetadataState: Active longDescription: | - Monitoring and alerting are an important part of database operations. When working with Azure SQL Database, make use of Azure Monitor and SQL Insights to ensure that you capture relevant database metrics. + Monitoring and alerting are an important part of database operations. When working with Azure SQL Managed Instance, make use of Azure Monitor and Database watcher to ensure that you capture relevant database metrics. potentialBenefits: Quick incident detection and response pgVerified: false publishedToLearn: false @@ -86,7 +86,7 @@ tags: null learnMoreLink: - name: Azure SQL Managed Instance monitoring options - url: "https://techcommunity.microsoft.com/t5/azure-sql/monitoring-options-available-for-azure-sql-managed-instance/ba-p/1065416" + url: "https://learn.microsoft.com/azure/azure-sql/managed-instance/monitoring-sql-managed-instance-azure-monitor?view=azuresql-mi" - description: Back Up Your Keys aprlGuid: 9fad5392-b852-4807-9b6d-3f700ff9771a