1. Log in to the Azure portal.
2. Navigate to the SQL database server that has unrestricted access.
3. Click on the “Firewalls and virtual networks” option under the “Security” section in the left-hand menu.
4. Under the “Firewall rules” section, click on the “Add client IP” button to add your IP address to the allowed list.
5. If you want to allow access to specific IP addresses or ranges, click on the “Add IP range” button and enter the appropriate information.
6. Click on the “Save” button to apply the changes.

​

1. Open the Azure CLI and login to your Azure account.
2. Identify the SQL Database Server that has unrestricted access by running the following command:
   Copy

   Ask AI

   az sql server list
   

   This will list all the SQL Database Servers in your Azure account.
3. Once you have identified the SQL Database Server, run the following command to update the firewall rules:
   Copy

   Ask AI

   az sql server firewall-rule update --resource-group <resource-group-name> --server <server-name> --name AllowAllWindowsAzureIps --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0
   

   This command will update the firewall rule named “AllowAllWindowsAzureIps” to restrict access to the SQL Database Server to only Azure services and resources.
4. Verify that the firewall rule has been updated by running the following command:
   Copy

   Ask AI

   az sql server firewall-rule show --resource-group <resource-group-name> --server <server-name> --name AllowAllWindowsAzureIps
   

   This command will show the details of the updated firewall rule.

1. Import the necessary libraries and authenticate to Azure using the Azure SDK for Python.

from azure.identity import DefaultAzureCredential
from azure.mgmt.sql import SqlManagementClient
from azure.mgmt.resource import ResourceManagementClient

credential = DefaultAzureCredential()
subscription_id = '<your-subscription-id>'

resource_client = ResourceManagementClient(credential, subscription_id)
sql_client = SqlManagementClient(credential, subscription_id)

2. Retrieve the list of SQL servers in your subscription.

servers = sql_client.servers.list()

3. For each SQL server, check if it has any firewall rules that allow unrestricted access.

for server in servers:
    firewall_rules = sql_client.firewall_rules.list_by_server(server.resource_group, server.name)
    for rule in firewall_rules:
        if rule.start_ip_address == '0.0.0.0' and rule.end_ip_address == '255.255.255.255':
            # This firewall rule allows unrestricted access, so delete it
            sql_client.firewall_rules.delete(server.resource_group, server.name, rule.name)

4. Once all the firewall rules have been deleted, you can verify that the SQL servers no longer have unrestricted access.

for server in servers:
    firewall_rules = sql_client.firewall_rules.list_by_server(server.resource_group, server.name)
    for rule in firewall_rules:
        if rule.start_ip_address == '0.0.0.0' and rule.end_ip_address == '255.255.255.255':
            print(f"Server {server.name} still has a firewall rule that allows unrestricted access.")
        else:
            print(f"Server {server.name} has no firewall rules that allow unrestricted access.")