Require Synapse Workspaces to be created with Microsoft Entra-only authentication. This policy doesn't block local authentication from being re-enabled on resources after create. Consider using the 'Microsoft Entra-only authentication' initiative instead to require both. Learn more at: https://aka.ms/Synapse.
The following 1 compliance controls are associated with this Policy definition 'Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation' (2158ddbe-fefa-408e-b43f-d4faef8ff3b8)
Use centralized identity and authentication system
Use a centralized identity and authentication system to govern your organization's identities and authentications for cloud and non-cloud resources.
Microsoft Entra ID is Azure's identity and authentication management service. You should standardize on Microsoft Entra ID to govern your organization's identity and authentication in:
- Microsoft cloud resources, such as the Azure Storage, Azure Virtual Machines (Linux and Windows), Azure Key Vault, PaaS, and SaaS applications.
- Your organization's resources, such as applications on Azure, third-party applications running on your corporate network resources, and third-party SaaS applications.
- Your enterprise identities in Active Directory by synchronization to Microsoft Entra ID to ensure a consistent and centrally managed identity strategy.
Note: As soon as it is technically feasible, you should migrate on-premises Active Directory based applications to Microsoft Entra ID. This could be a Microsoft Entra Enterprise Directory, Business to Business configuration, or Business to consumer configuration.
**Implementation and additional context:**
Tenancy in Microsoft Entra ID:
How to create and configure a Microsoft Entra instance:
Define Microsoft Entra ID tenants:
Use external identity providers for an application: