{
  "mode": "Indexed",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Sql/servers"
        },
        {
          "value": "[resourcegroup().managedBy]",
          "notContains": "/providers/Microsoft.Synapse/"
        },
        {
          "anyOf": [
            {
              "field": "Microsoft.Sql/servers/administrators.azureADOnlyAuthentication",
              "exists": false
            },
            {
              "field": "Microsoft.Sql/servers/administrators.azureADOnlyAuthentication",
              "equals": "false"
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]"
    }
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Disabling local authentication methods and allowing only Azure Active Directory Authentication improves security"
      },
      "allowedValues": [
        "Deny"
      ],
      "defaultValue": "Deny"
    }
  }
}