From be10673eb75e62f54d1c0e4f406ee29a6fca4879 Mon Sep 17 00:00:00 2001
From: nechango <neiichango@gmail.com>
Date: Tue, 17 Sep 2024 16:17:09 -0600
Subject: [PATCH] adding condition to evalute only non master databases

---
 .../azurepolicy.json                                      | 8 ++++----
 .../azurepolicy.rules.json                                | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/policyDefinitions/SQL/deny-sql-database-transparent-data-encryption-disablement/azurepolicy.json b/policyDefinitions/SQL/deny-sql-database-transparent-data-encryption-disablement/azurepolicy.json
index bdbc6e19..4c4cdc4d 100644
--- a/policyDefinitions/SQL/deny-sql-database-transparent-data-encryption-disablement/azurepolicy.json
+++ b/policyDefinitions/SQL/deny-sql-database-transparent-data-encryption-disablement/azurepolicy.json
@@ -32,12 +32,12 @@
             "equals": "Microsoft.SQL/servers/databases/transparentDataEncryption"
           },
           {
-            "field": "Microsoft.Sql/transparentDataEncryption.status",
+            "field": "Microsoft.Sql/servers/databases/transparentDataEncryption/state",
             "notEquals": "enabled"
           },
           {
-            "field": "Microsoft.Sql/servers/databases/transparentDataEncryption/state",
-            "notEquals": "enabled"
+            "value": "[indexOf(split(field('fullName'),'/'), 'master')]",
+            "notEquals": 1
           }
         ]
       },
@@ -46,4 +46,4 @@
       }
     }
   }
-}
+}
\ No newline at end of file
diff --git a/policyDefinitions/SQL/deny-sql-database-transparent-data-encryption-disablement/azurepolicy.rules.json b/policyDefinitions/SQL/deny-sql-database-transparent-data-encryption-disablement/azurepolicy.rules.json
index 07df586a..3e24a62b 100644
--- a/policyDefinitions/SQL/deny-sql-database-transparent-data-encryption-disablement/azurepolicy.rules.json
+++ b/policyDefinitions/SQL/deny-sql-database-transparent-data-encryption-disablement/azurepolicy.rules.json
@@ -6,16 +6,16 @@
         "equals": "Microsoft.SQL/servers/databases/transparentDataEncryption"
       },
       {
-        "field": "Microsoft.Sql/transparentDataEncryption.status",
+        "field": "Microsoft.Sql/servers/databases/transparentDataEncryption/state",
         "notEquals": "enabled"
       },
       {
-        "field": "Microsoft.Sql/servers/databases/transparentDataEncryption/state",
-        "notEquals": "enabled"
+        "value": "[indexOf(split(field('fullName'),'/'), 'master')]",
+        "notEquals": 1
       }
     ]
   },
   "then": {
     "effect": "[parameters('effect')]"
   }
-}
+}
\ No newline at end of file