last sync: 2025-Mar-26 20:41:06 UTC

Enforce recommended guardrails for Data Explorer

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Enforce-Guardrails-DataExplorer
Display nameEnforce recommended guardrails for Data Explorer
IdEnforce-Guardrails-DataExplorer
Version1.1.0
Details on versioning
CategoryAzure Data Explorer
DescriptionThis policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.
Cloud environments AzureChinaCloud
AzureCloud
AzureUSGovernment
TypeCustom Azure Landing Zones (ALZ)
DeprecatedFalse
PreviewFalse
Policy-used types
Total Policies: 4
Builtin Policies: 4
Static Policies: 0
ALZ Policies: 0
Policy-used states
1 states:
GA: 4
Policy-used categories
1 categories:
Azure Data Explorer: 4
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State Type policy in AzUSGov
Azure Data Explorer should use a SKU that supports private link 1fec9658-933f-4b3e-bc95-913ed22d012b Azure Data Explorer Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn unknown
Configure Azure Data Explorer to disable public network access 7b32f193-cb28-4e15-9a98-b9556db0bafa Azure Data Explorer Default
Modify
Allowed
Modify, Disabled
1 SQL Server Contributor GA BuiltIn unknown
Disk encryption should be enabled on Azure Data Explorer f4b53539-8df9-40e4-86c6-6b607703bd4e Azure Data Explorer Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn true
Double encryption should be enabled on Azure Data Explorer ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Azure Data Explorer Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn true
Roles used
Total Roles usage: 1
Total Roles unique usage: 1
Role Role Id Policies count Policies
SQL Server Contributor 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 1 Configure Azure Data Explorer to disable public network access
History none
JSON compare n/a
JSON
EPAC