AzPolicyAdvertizer

last sync: 2025-Sep-22 17:23:02 UTC

Azure Data Factory linked service resource type should be in allow list

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure Data Factory linked service resource type should be in allow list
Id 6809a3d0-d354-42fb-b955-783d207c62a8
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Data Factory
Microsoft Learn
Description Define the allow list of Azure Data Factory linked service types. Restricting allowed resource types enables control over the boundary of data movement. For example, restrict a scope to only allow blob storage with Data Lake Storage Gen1 and Gen2 for analytics or a scope to only allow SQL and Kusto access for real-time queries.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.DataFactory/factories/linkedservices/type Microsoft.DataFactory factories/linkedservices properties.type True False
Rule resource types IF (1)
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-06-26 17:52:13 change Minor (1.0.0 > 1.1.0)
2023-01-13 18:06:06 change Version remains equal, old suffix: preview (1.0.0-preview > 1.0.0)
2021-02-10 14:43:58 add 6809a3d0-d354-42fb-b955-783d207c62a8
JSON compare
compare mode: version left: version right:
1.0.0 → 1.1.0 RENAMED
@@ -3,9 +3,9 @@
3
  "policyType": "BuiltIn",
4
  "mode": "All",
5
  "description": "Define the allow list of Azure Data Factory linked service types. Restricting allowed resource types enables control over the boundary of data movement. For example, restrict a scope to only allow blob storage with Data Lake Storage Gen1 and Gen2 for analytics or a scope to only allow SQL and Kusto access for real-time queries.",
6
  "metadata": {
7
- "version": "1.0.0",
8
  "category": "Data Factory"
9
  },
10
  "parameters": {
11
  "effect": {
@@ -47,8 +47,9 @@
47
  "AzureSearch",
48
  "AzureSqlDatabase",
49
  "AzureSqlDW",
50
  "AzureSqlMI",
 
51
  "AzureTableStorage",
52
  "Cassandra",
53
  "CommonDataServiceForApps",
54
  "CosmosDb",
 
3
  "policyType": "BuiltIn",
4
  "mode": "All",
5
  "description": "Define the allow list of Azure Data Factory linked service types. Restricting allowed resource types enables control over the boundary of data movement. For example, restrict a scope to only allow blob storage with Data Lake Storage Gen1 and Gen2 for analytics or a scope to only allow SQL and Kusto access for real-time queries.",
6
  "metadata": {
7
+ "version": "1.1.0",
8
  "category": "Data Factory"
9
  },
10
  "parameters": {
11
  "effect": {
 
47
  "AzureSearch",
48
  "AzureSqlDatabase",
49
  "AzureSqlDW",
50
  "AzureSqlMI",
51
+ "AzureSynapseArtifacts",
52
  "AzureTableStorage",
53
  "Cassandra",
54
  "CommonDataServiceForApps",
55
  "CosmosDb",
JSON
api-version=2021-06-01
EPAC 
{7 items
  • displayName: "Azure Data Factory linked service resource type should be in allow list",
  • policyType: "BuiltIn",
  • mode: "All",
  • description: "Define the allow list of Azure Data Factory linked service types. Restricting allowed resource types enables control over the boundary of data movement. For example, restrict a scope to only allow blob storage with Data Lake Storage Gen1 and Gen2 for analytics or a scope to only allow SQL and Kusto access for real-time queries.",
  • metadata: {2 items
    • version: "1.1.0",
    • category: "Data Factory"
    },
  • parameters: {2 items
    • effect: {4 items},
    • allowedLinkedServiceResourceTypes: {3 items
      • type: "Array",
      • metadata: {2 items
        • displayName: "Allowed linked service resource types",
        • description: "The list of allowed linked service resource types."
        },
      • allowedValues: [105 items
        • "AdlsGen2CosmosStructuredStream",
        • "AdobeExperiencePlatform",
        • "AdobeIntegration",
        • "AmazonRedshift",
        • "AmazonS3",
        • "AzureBlobFS",
        • "AzureBlobStorage",
        • "AzureDataExplorer",
        • "AzureDataLakeStore",
        • "AzureDataLakeStoreCosmosStructuredStream",
        • "AzureDataShare",
        • "AzureFileStorage",
        • "AzureKeyVault",
        • "AzureMariaDB",
        • "AzureMySql",
        • "AzurePostgreSql",
        • "AzureSearch",
        • "AzureSqlDatabase",
        • "AzureSqlDW",
        • "AzureSqlMI",
        • "AzureSynapseArtifacts",
        • "AzureTableStorage",
        • "Cassandra",
        • "CommonDataServiceForApps",
        • "CosmosDb",
        • "CosmosDbMongoDbApi",
        • "Db2",
        • "DynamicsCrm",
        • "FileServer",
        • "FtpServer",
        • "GitHub",
        • "GoogleCloudStorage",
        • "Hdfs",
        • "Hive",
        • "HttpServer",
        • "Informix",
        • "Kusto",
        • "MicrosoftAccess",
        • "MySql",
        • "Netezza",
        • "Odata",
        • "Odbc",
        • "Office365",
        • "Oracle",
        • "PostgreSql",
        • "Salesforce",
        • "SalesforceServiceCloud",
        • "SapBw",
        • "SapHana",
        • "SapOpenHub",
        • "SapTable",
        • "Sftp",
        • "SharePointOnlineList",
        • "Snowflake",
        • "SqlServer",
        • "Sybase",
        • "Teradata",
        • "HDInsightOnDemand",
        • "HDInsight",
        • "AzureDataLakeAnalytics",
        • "AzureBatch",
        • "AzureFunction",
        • "AzureML",
        • "AzureMLService",
        • "MongoDb",
        • "GoogleBigQuery",
        • "Impala",
        • "ServiceNow",
        • "Dynamics",
        • "AzureDatabricks",
        • "AmazonMWS",
        • "SapCloudForCustomer",
        • "SapEcc",
        • "Web",
        • "MongoDbAtlas",
        • "HBase",
        • "Spark",
        • "Phoenix",
        • "PayPal",
        • "Marketo",
        • "Responsys",
        • "SalesforceMarketingCloud",
        • "Presto",
        • "Square",
        • "Xero",
        • "Jira",
        • "Magento",
        • "Shopify",
        • "Concur",
        • "Hubspot",
        • "Zoho",
        • "Eloqua",
        • "QuickBooks",
        • "Couchbase",
        • "Drill",
        • "Greenplum",
        • "MariaDB",
        • "Vertica",
        • "MongoDbV2",
        • "OracleServiceCloud",
        • "GoogleAdWords",
        • "RestService",
        • "DynamicsAX",
        • "AzureDataCatalog",
        • "AzureDatabricksDeltaLake"
        ]
      }
    },
  • policyRule: {2 items
    • if: {1 item
      • allOf: [2 items
        • {2 items
          • field: "type",
          • equals: "Microsoft.DataFactory/factories/linkedservices"
          },
        • {2 items
          • field: "Microsoft.DataFactory/factories/linkedservices/type",
          • notIn: "[parameters('allowedLinkedServiceResourceTypes')]"
          }
        ]
      },
    • then: {1 item
      • effect: "[parameters('effect')]"
      }
    }
}