last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

Azure Synapse workspaces should allow outbound data traffic only to approved targets

Name Azure Synapse workspaces should allow outbound data traffic only to approved targets
Azure Portal
Id 3484ce98-c0c5-4c83-994b-c5ac24785218
Version 1.0.0
details on versioning
Category Synapse
Microsoft docs
Description Increase security of your Synapse workspace by allowing outbound data traffic only to approved targets. This helps prevention against data exfiltration by validating the target before sending data.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Disabled, Deny)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-02 15:11:40 add 3484ce98-c0c5-4c83-994b-c5ac24785218
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Azure Synapse workspaces should allow outbound data traffic only to approved targets",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Increase security of your Synapse workspace by allowing outbound data traffic only to approved targets. This helps prevention against data exfiltration by validating the target before sending data.",
    "metadata": {
      "version": "1.0.0",
      "category": "Synapse"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled",
          "Deny"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Synapse/workspaces"
          },
          {
            "field": "Microsoft.Synapse/workspaces/managedVirtualNetworkSettings.preventDataExfiltration",
            "notEquals": "true"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "3484ce98-c0c5-4c83-994b-c5ac24785218"
}