AzPolicyAdvertizer

last sync: 2021-Jul-23 16:37:57 UTC

Azure Policy definition

Synapse workspaces with SQL auditing to storage account destination should be configured with 90 days retention or higher

Name Synapse workspaces with SQL auditing to storage account destination should be configured with 90 days retention or higher
Azure Portal

Id 529ea018-6afc-4ed4-95bd-7c9ee47b00bc

Version 2.0.0
details on versioning

Category Synapse
Microsoft docs

Description For incident investigation purposes, we recommend setting the data retention for your Synapse workspace' SQL auditing to storage account destination to at least 90 days. Confirm that you are meeting the necessary retention rules for the regions in which you are operating. This is sometimes required for compliance with regulatory standards.

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2021-03-24 14:32:48	change	Major (1.0.0 > 2.0.0)
2021-03-09 14:37:41	add	529ea018-6afc-4ed4-95bd-7c9ee47b00bc

Used in Initiatives none

JSON Changes

Visual JSON JSON (Annotated)

Show unchanged values

JSON

{
  "properties": {
    "displayName": "Synapse workspaces with SQL auditing to storage account destination should be configured with 90 days retention or higher",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "For incident investigation purposes, we recommend setting the data retention for your Synapse workspace' SQL auditing to storage account destination to at least 90 days. Confirm that you are meeting the necessary retention rules for the regions in which you are operating. This is sometimes required for compliance with regulatory standards.",
    "metadata": {
      "version": "2.0.0",
      "category": "Synapse"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Synapse/workspaces"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Synapse/workspaces/auditingSettings",
          "name": "default",
          "existenceCondition": {
            "anyOf": [
              {
                "allOf": [
                  {
                    "field": "Microsoft.Synapse/workspaces/auditingSettings/isAzureMonitorTargetEnabled",
                    "equals": true
                  },
                  {
                    "field": "Microsoft.Synapse/workspaces/auditingSettings/storageEndpoint",
                    "equals": ""
                  }
                ]
              },
              {
                "field": "Microsoft.Synapse/workspaces/auditingSettings/retentionDays",
                "equals": 0
              },
              {
                "field": "Microsoft.Synapse/workspaces/auditingSettings/retentionDays",
                "greaterOrEquals": 90
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/529ea018-6afc-4ed4-95bd-7c9ee47b00bc",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "529ea018-6afc-4ed4-95bd-7c9ee47b00bc"
}

AzPolicyAdvertizer

Azure Policy definition

Synapse workspaces with SQL auditing to storage account destination should be configured with 90 days retention or higher

JSON Left

JSON Right