The Azure policy you mentioned is designed to restrict public network access to SQL Server and SQL Database. This is a security best practice to prevent unauthorized access.
In your SQL Server's network settings, the options you're seeing ('Disabled' and 'Selected Networks') relate to how the SQL Server can be accessed:
- Disabled: No public network access is allowed.
- Selected Networks: Only allows access from specific networks or IP addresses you define.
The error you're having indicates that the public network access is disabled. This is consistent with a policy that denies public network access.
I think that the Azure policy is effectively working by overriding the network settings at the SQL Server level. When the policy is applied, it might not explicitly state that it's blocking the action, but its effect is to prevent the enabling of public access or the addition of firewall rules that would allow public access.