last sync: 2020-Dec-03 15:30:53 UTC

Azure Policy definition

Synapse managed private endpoints should only connect to resources in approved Azure Active Directory tenants

Name Synapse managed private endpoints should only connect to resources in approved Azure Active Directory tenants
Id 3a003702-13d2-4679-941b-937e58c443f0
Version 1.0.0
Category Synapse
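Description Protect your Synapse workspace by only allowing connections to resources in approved Azure Active Directory (Azure AD) tenants. The approved Azure AD tenants can be defined during policy assignment.
Evaluation note: the rule flags a workspace when any entry in its managedVirtualNetworkSettings.allowedAadTenantIdsForLinking list is not in the allowedTenantIds parameter. That parameter defaults to an empty list, so under a default assignment every listed tenant is non-compliant. A workspace whose list is empty or absent evaluates as compliant, and the rule does not check whether data exfiltration protection is enabled on the workspace.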
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
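Effect Default: Audit
Allowed: (Audit, Disabled, Deny)
Note: with the default Audit effect the policy only reports non-compliant workspaces. Assign it with Deny to block a workspace create or update that lists a tenant outside allowedTenantIds.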
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-11-10 16:00:42 add 3a003702-13d2-4679-941b-937e58c443f0
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "Synapse managed private endpoints should only connect to resources in approved Azure Active Directory tenants",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Protect your Synapse workspace by only allowing connections to resources in approved Azure Active Directory (Azure AD) tenants. The approved Azure AD tenants can be defined during policy assignment.",
    "metadata": {
      "version": "1.0.0",
      "category": "Synapse"
    },
    "parameters": {
      "allowedTenantIds": {
        "type": "Array",
        "metadata": {
          "displayName": "List of Allowed Tenant Ids for private endpoint creation",
          "description": "This parameter defines the list of Allowed Tenant Ids that are allowed to create managed private endpoints in the workspaces"
        },
        "defaultValue": [
          
        ]
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled",
          "Deny"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Synapse/workspaces"
          },
          {
            "count": {
            "field": "Microsoft.Synapse/workspaces/managedVirtualNetworkSettings.allowedAadTenantIdsForLinking[*]",
              "where": {
              "field": "Microsoft.Synapse/workspaces/managedVirtualNetworkSettings.allowedAadTenantIdsForLinking[*]",
              "notIn": "[parameters('allowedTenantIds')]"
              }
            },
            "greater": 0
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "3a003702-13d2-4679-941b-937e58c443f0"
}