Used in 2 Policy Set(s):
• Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (Enforce-EncryptTransit_20241211) [Encryption] ALZ
• [Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (Enforce-EncryptTransit_20240509) [Encryption] ALZ
if (1)
• 'Microsoft.Synapse/workspaces/dedicatedSQLminimalTlsSettings/minimalTlsVersion'
{
  "displayName": "Azure Synapse Workspace SQL Server should be running TLS version 1.2 or newer",
  "policyType": "BuiltIn",
  "mode": "All",
  "description": "Setting TLS version to 1.2 or newer improves security by ensuring your Azure Synapse workspace SQL server can only be accessed from clients using TLS 1.2 or newer. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.",
  "metadata": {
    "version": "1.1.0",
    "category": "Synapse"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Synapse/workspaces/dedicatedSQLminimalTlsSettings"
        },
        {
          "field": "Microsoft.Synapse/workspaces/dedicatedSQLminimalTlsSettings/minimalTlsVersion",
          "notEquals": "1.2"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]"
    }
  }
}
Used in 1 Policy Set(s):
• Enforce recommended guardrails for Synapse workspaces (Enforce-Guardrails-Synapse) [Synapse] ALZ
{
  "displayName": "Configure Azure Synapse Workspace Dedicated SQL minimum TLS version",
  "policyType": "BuiltIn",
  "mode": "All",
  "description": "Customers can raise or lower the minimal TLS version using the API, for both new Synapse workspaces or existing workspaces. So users who need to use a lower client version in the workspaces can connect while users who has security requirement can raise the minimum TLS version. Learn more at: https://docs.microsoft.com/azure/synapse-analytics/security/connectivity-settings.",
  "metadata": {
    "version": "1.1.0",
    "category": "Synapse"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Modify",
        "Disabled"
      ],
      "defaultValue": "Modify"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Synapse/workspaces/dedicatedSQLminimalTlsSettings"
        },
        {
          "field": "Microsoft.Synapse/workspaces/dedicatedSQLminimalTlsSettings/minimalTlsVersion",
          "notEquals": "1.2"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "conflictEffect": "audit",
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
        ],
        "operations": [
          {
            "condition": "[greaterOrEquals(requestContext().apiVersion, '2021-06-01')]",
            "operation": "addOrReplace",
            "field": "Microsoft.Synapse/workspaces/dedicatedSQLminimalTlsSettings/minimalTlsVersion",
            "value": "1.2"
          }
        ]
      }
    }
  }
}