last sync: 2023-Sep-21 17:57:51 UTC

Azure Policy definition

Synapse Workspaces should use only Azure Active Directory identities for authentication

Source Azure Portal
Display name Synapse Workspaces should use only Azure Active Directory identities for authentication
Id 2158ddbe-fefa-408e-b43f-d4faef8ff3b8
Version 1.0.0
Category Synapse
Description Azure Active Directory (AAD) only authentication methods improves security by ensuring that Synapse Workspaces exclusively require AAD identities for authentication. Learn more at: https://aka.ms/Synapse.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default: Audit
Effect Allowed: Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (3)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Synapse/workspaces/azureADOnlyAuthentication Microsoft.Synapse workspaces properties.azureADOnlyAuthentication true
Microsoft.Synapse/workspaces/extraProperties Microsoft.Synapse workspaces properties.extraProperties false
Microsoft.Synapse/workspaces/settings Microsoft.Synapse workspaces properties.settings false
Rule resource types IF (1)
Microsoft.Synapse/workspaces
Compliance
The following 1 compliance controls are associated with this Policy definition 'Synapse Workspaces should use only Azure Active Directory identities for authentication' (2158ddbe-fefa-408e-b43f-d4faef8ff3b8)
Control Domain: Azure_Security_Benchmark_v3.0
Control: DP-4
Name: Azure_Security_Benchmark_v3.0_DP-4
MetadataId: Microsoft cloud security benchmark DP-4
Category: Data Protection
Title: Enable data at rest encryption by default
Owner: Shared
Requirements:
**Security Principle:** To complement access controls, data at rest should be protected against 'out of band' attacks (such as accessing underlying storage) using encryption. This helps ensure that attackers cannot easily read or modify the data.
**Azure Guidance:** Many Azure services have data at rest encryption enabled by default at the infrastructure layer using a service-managed key. Where technically feasible and not enabled by default, you can enable data at rest encryption in the Azure services, or in your VMs for storage level, file level, or database level encryption.
**Implementation and additional context:**
Understand encryption at rest in Azure: https://docs.microsoft.com/azure/security/fundamentals/encryption-atrest#encryption-at-rest-in-microsoft-cloud-services
Data at rest double encryption in Azure: https://docs.microsoft.com/azure/security/fundamentals/encryption-models
Encryption model and key management table: https://docs.microsoft.com/azure/security/fundamentals/encryption-models
Description: n/a
Policy#: 13
Initiatives usage
Initiative DisplayName: Microsoft cloud security benchmark
Initiative Id: 1f3afdf9-d0c9-4c3d-847f-89da613e70a8
Initiative Category: Security Center
State: GA
Type: BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-10-07 16:34:28 add 2158ddbe-fefa-408e-b43f-d4faef8ff3b8
JSON compare n/a
JSON
api-version=2021-06-01