AzPolicyAdvertizer

last sync: 2025-Jul-02 18:12:24 UTC

Stream Analytics job should connect to trusted inputs and outputs

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Stream Analytics job should connect to trusted inputs and outputs

fe8684d6-3c5b-45c0-a08b-fa92653c2e1c

Version

1.1.0
Details on versioning

Versioning

Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]

Category

Stream Analytics
Microsoft Learn

Description

Ensure that Stream Analytics jobs do not have arbitrary Input or Output connections that are not defined in the allow-list. This checks that Stream Analytics jobs don't exfiltrate data by connecting to arbitrary sinks outside your organization.

Cloud environments

AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown

Available in AzUSGov

Unknown, no evidence if Policy definition is/not available in AzureUSGovernment

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Audit
Allowed
Deny, Disabled, Audit

RBAC role(s)

none

Rule aliases

IF (21)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.StreamAnalytics/streamingjobs/functions[*].binding.Microsoft-MachineLearning-WebService.endpoint	Microsoft.StreamAnalytics	streamingjobs	properties.functions[*].properties.properties.binding.properties.endpoint	True	False
Microsoft.StreamAnalytics/streamingjobs/functions[*].type	Microsoft.StreamAnalytics	streamingjobs	properties.functions[*].type	True	False
Microsoft.StreamAnalytics/streamingjobs/inputs/Reference.datasource.Microsoft-Sql-Server-Database.server	Microsoft.StreamAnalytics	streamingjobs/inputs	properties.datasource.properties.server	True	False
Microsoft.StreamAnalytics/streamingjobs/inputs/Reference.datasource.Microsoft-Storage-Blob.storageAccounts[*]	Microsoft.StreamAnalytics	streamingjobs/inputs	properties.datasource.properties.storageAccounts[*]	True	False
Microsoft.StreamAnalytics/streamingjobs/inputs/Reference.datasource.Microsoft-Storage-Blob.storageAccounts[*].accountName	Microsoft.StreamAnalytics	streamingjobs/inputs	properties.datasource.properties.storageAccounts[*].accountName	True	False
Microsoft.StreamAnalytics/streamingjobs/inputs/Reference.datasource.type	Microsoft.StreamAnalytics	streamingjobs/inputs	properties.datasource.type	True	False
Microsoft.StreamAnalytics/streamingjobs/inputs/Stream.datasource.Microsoft-Devices-IotHubs.iotHubNamespace	Microsoft.StreamAnalytics	streamingjobs/inputs	properties.datasource.properties.iotHubNamespace	True	False
Microsoft.StreamAnalytics/streamingjobs/inputs/Stream.datasource.Microsoft-ServiceBus-EventHub.serviceBusNamespace	Microsoft.StreamAnalytics	streamingjobs/inputs	properties.datasource.properties.serviceBusNamespace	True	False
Microsoft.StreamAnalytics/streamingjobs/inputs/Stream.datasource.Microsoft-Storage-Blob.storageAccounts[*]	Microsoft.StreamAnalytics	streamingjobs/inputs	properties.datasource.properties.storageAccounts[*]	True	False
Microsoft.StreamAnalytics/streamingjobs/inputs/Stream.datasource.Microsoft-Storage-Blob.storageAccounts[*].accountName	Microsoft.StreamAnalytics	streamingjobs/inputs	properties.datasource.properties.storageAccounts[*].accountName	True	False
Microsoft.StreamAnalytics/streamingjobs/inputs/Stream.datasource.type	Microsoft.StreamAnalytics	streamingjobs/inputs	properties.datasource.type	True	False
Microsoft.StreamAnalytics/streamingjobs/jobStorageAccount	Microsoft.StreamAnalytics	streamingjobs	properties.jobStorageAccount	True	False
Microsoft.StreamAnalytics/streamingjobs/jobStorageAccount.accountName	Microsoft.StreamAnalytics	streamingjobs	properties.jobStorageAccount.accountName	True	False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-AzureFunction.functionAppName	Microsoft.StreamAnalytics	streamingjobs/outputs	properties.datasource.properties.functionAppName	True	False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-ServiceBus-EventHub.serviceBusNamespace	Microsoft.StreamAnalytics	streamingjobs/outputs	properties.datasource.properties.serviceBusNamespace	True	False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-Sql-Server-Database.server	Microsoft.StreamAnalytics	streamingjobs/outputs	properties.datasource.properties.server	True	False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-Storage-Blob.storageAccounts[*]	Microsoft.StreamAnalytics	streamingjobs/outputs	properties.datasource.properties.storageAccounts[*]	True	False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-Storage-Blob.storageAccounts[*].accountName	Microsoft.StreamAnalytics	streamingjobs/outputs	properties.datasource.properties.storageAccounts[*].accountName	True	False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-Storage-DocumentDB.accountId	Microsoft.StreamAnalytics	streamingjobs/outputs	properties.datasource.properties.accountId	True	False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-Storage-Table.accountName	Microsoft.StreamAnalytics	streamingjobs/outputs	properties.datasource.properties.accountName	True	False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.type	Microsoft.StreamAnalytics	streamingjobs/outputs	properties.datasource.type	True	False

Rule resource types

IF (5)

Microsoft.Devices/IotHubs
Microsoft.StreamAnalytics/streamingjobs
Microsoft.StreamAnalytics/streamingjobs/functions
Microsoft.StreamAnalytics/streamingjobs/inputs
Microsoft.StreamAnalytics/streamingjobs/outputs

Compliance

Not a Compliance control

Initiatives usage

none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-02-18 17:44:00	change	Minor (1.0.0 > 1.1.0)
2021-11-12 16:23:07	add	fe8684d6-3c5b-45c0-a08b-fa92653c2e1c

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC