last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

Synapse workspace auditing settings should have action groups configured to capture critical activities

Name Synapse workspace auditing settings should have action groups configured to capture critical activities
Azure Portal
Id 2b18f286-371e-4b80-9887-04759970c0d3
Version 1.0.0
details on versioning
Category Synapse
Microsoft docs
Description To ensure your audit logs are as thorough as possible, the AuditActionsAndGroups property should include all the relevant groups. We recommend adding at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, and BATCH_COMPLETED_GROUP. This is sometimes required for compliance with regulatory standards.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-09 14:37:41 add 2b18f286-371e-4b80-9887-04759970c0d3
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Synapse workspace auditing settings should have action groups configured to capture critical activities",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "To ensure your audit logs are as thorough as possible, the AuditActionsAndGroups property should include all the relevant groups. We recommend adding at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, and BATCH_COMPLETED_GROUP. This is sometimes required for compliance with regulatory standards.",
    "metadata": {
      "version": "1.0.0",
      "category": "Synapse"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Synapse/workspaces"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Synapse/workspaces/auditingSettings",
          "name": "default",
          "existenceCondition": {
            "allOf": [
              {
                "not": {
                "field": "Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]",
                  "notEquals": "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP"
                }
              },
              {
                "not": {
                "field": "Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]",
                  "notEquals": "FAILED_DATABASE_AUTHENTICATION_GROUP"
                }
              },
              {
                "not": {
                "field": "Microsoft.Synapse/workspaces/auditingSettings/auditActionsAndGroups[*]",
                  "notEquals": "BATCH_COMPLETED_GROUP"
                }
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/2b18f286-371e-4b80-9887-04759970c0d3",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "2b18f286-371e-4b80-9887-04759970c0d3"
}