last sync: 2021-Mar-03 15:53:01 UTC

Azure Policy definition

[Preview]: Azure Data Factory linked services should use system-assigned managed identity authentication when it is supported

Name [Preview]: Azure Data Factory linked services should use system-assigned managed identity authentication when it is supported
Id f78ccdb4-7bf4-4106-8647-270491d2978a
Version 1.0.0-preview
Category Data Factory
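Description Using system-assigned managed identity when communicating with data stores via linked services avoids the use of less secured credentials such as passwords or connection strings.
Note: the rule in the JSON below flags a linked service of one of the listed types when its connection string contains "User ID=" or "AccountKey=", or when a service principal key, account key, SAS URI or access token property exists; it does not positively verify that managed identity authentication is configured.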
Mode All
Type BuiltIn
Preview True
Deprecated FALSE
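Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Note: with the default Audit effect, matching linked services are only reported as non-compliant; creating or updating them is blocked only when the policy is assigned with the Deny effect.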
Used RBAC Role none
History
Date/Time (UTC ymd) Change type Change detail
2021-02-10 14:43:58 add f78ccdb4-7bf4-4106-8647-270491d2978a
Used in Initiatives none
Json
{
  "properties": {
  "displayName": "[Preview]: Azure Data Factory linked services should use system-assigned managed identity authentication when it is supported",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Using system-assigned managed identity when communicating with data stores via linked services avoids the use of less secured credentials such as passwords or connection strings.",
    "metadata": {
      "version": "1.0.0-preview",
      "category": "Data Factory",
      "preview": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DataFactory/factories/linkedservices"
          },
          {
            "field": "Microsoft.DataFactory/factories/linkedservices/type",
            "in": [
              "AzureSqlDatabase",
              "AzureSqlMI",
              "AzureSqlDW",
              "AzureBlobFS",
              "AdlsGen2CosmosStructuredStream",
              "AzureDataLakeStore",
              "AzureDataLakeStoreCosmosStructuredStream",
              "AzureBlobStorage",
              "AzureDatabricks"
            ]
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString",
                "contains": "User ID="
              },
              {
                "field": "Microsoft.DataFactory/factories/linkedservices/typeProperties.connectionString",
                "contains": "AccountKey="
              },
              {
                "field": "Microsoft.DataFactory/factories/linkedservices/AzureSqlDW.typeProperties.servicePrincipalKey",
                "exists": "true"
              },
              {
                "field": "Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.accountKey",
                "exists": "true"
              },
              {
                "field": "Microsoft.DataFactory/factories/linkedservices/AzureStorage.typeProperties.sasUri",
                "exists": "true"
              },
              {
                "field": "Microsoft.DataFactory/factories/linkedservices/Hubspot.typeProperties.accessToken",
                "exists": "true"
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "f78ccdb4-7bf4-4106-8647-270491d2978a"
}