AzPolicyAdvertizer

last sync: 2025-May-30 17:23:33 UTC

Configure Synapse Workspaces to use only Microsoft Entra identities for authentication during workspace creation

Azure BuiltIn Policy definition

Source Azure Portal
Display name Configure Synapse Workspaces to use only Microsoft Entra identities for authentication during workspace creation
Id c3624673-d2ff-48e0-b28c-5de1c6767c3c
Version 1.2.0
Details on versioning
Versioning Versions supported for Versioning: 2
1.2.0
1.1.0
Built-in Versioning [Preview]
Category Synapse
Microsoft Learn
Description Require and reconfigure Synapse Workspaces to be created with Microsoft Entra-only authentication. This policy doesn't block local authentication from being re-enabled on resources after create. Consider using the 'Microsoft Entra-only authentication' initiative instead to require both. Learn more at: https://aka.ms/Synapse.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Modify
Allowed
Modify, Disabled
RBAC role(s)
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
Rule aliases IF (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Synapse/workspaces/azureADOnlyAuthentication Microsoft.Synapse workspaces properties.azureADOnlyAuthentication True True
Microsoft.Synapse/workspaces/extraProperties Microsoft.Synapse workspaces properties.extraProperties True False
Microsoft.Synapse/workspaces/settings Microsoft.Synapse workspaces properties.settings True False
THEN-Operations (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Synapse/workspaces/azureADOnlyAuthentication Microsoft.Synapse workspaces properties.azureADOnlyAuthentication True True
Rule resource types IF (1)
Compliance Not a Compliance control
Initiatives usage
Rows: 1-2 / 2
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
Configure Synapse Workspaces to mandate Microsoft Entra-only identities for authentication 6cccc75e-6b5c-4e63-8b4a-8427bc49fe5f Synapse GA BuiltIn unknown
Enforce recommended guardrails for Synapse workspaces Enforce-Guardrails-Synapse Synapse GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-01-24 19:15:51 change Minor (1.1.0 > 1.2.0)
2023-10-31 19:02:40 change Minor (1.0.0 > 1.1.0)
2022-10-07 16:34:28 add c3624673-d2ff-48e0-b28c-5de1c6767c3c
JSON compare
compare mode: version left: version right:
1.1.0 → 1.2.0 RENAMED
@@ -3,9 +3,9 @@
3
  "policyType": "BuiltIn",
4
  "mode": "Indexed",
5
  "description": "Microsoft Entra-only authentication improves security by ensuring that Synapse Workspaces exclusively require Microsoft Entra identities for authentication. Learn more at: https://aka.ms/Synapse.",
6
  "metadata": {
7
- "version": "1.1.0",
8
  "category": "Synapse"
9
  },
10
  "parameters": {
11
  "effect": {
@@ -22,68 +22,44 @@
22
  }
23
  },
24
  "policyRule": {
25
  "if": {
26
- "anyOf": [
27
  {
 
 
 
 
28
- "allOf": [
29
  {
30
- "field": "type",
31
- "equals": "Microsoft.Synapse/workspaces"
 
32
  },
33
  {
34
- "anyOf": [
35
- {
36
- "field": "Microsoft.Synapse/workspaces/extraProperties",
37
- "exists": false
38
- },
39
- {
40
- "value": "[if(empty(field('Microsoft.Synapse/workspaces/extraProperties')), 0, length(intersection(field('Microsoft.Synapse/workspaces/extraProperties'), createObject('WorkspaceType', 'Normal'))))]",
41
- "equals": 1
42
- }
43
- ]
44
- },
45
- {
46
- "anyOf": [
47
- {
48
- "field": "Microsoft.Synapse/workspaces/azureADOnlyAuthentication",
49
- "exists": false
50
- },
51
- {
52
- "field": "Microsoft.Synapse/workspaces/azureADOnlyAuthentication",
53
- "notEquals": true
54
- },
55
- {
56
- "allOf": [
57
- {
58
- "field": "Microsoft.Synapse/workspaces/settings",
59
- "exists": "true"
60
- },
61
- {
62
- "value": "[if(empty(field('Microsoft.Synapse/workspaces/settings')), 0, length(intersection(field('Microsoft.Synapse/workspaces/settings'), createObject('azureADOnlyAuthentication', createObject('value', 'true', 'state', 'Inconsistent')))))]",
63
- "equals": 1
64
- }
65
- ]
66
- }
67
- ]
68
  }
69
  ]
70
  },
71
  {
72
- "allOf": [
73
  {
74
- "field": "type",
75
- "equals": "Microsoft.Synapse/workspaces/azureADOnlyAuthentications"
 
76
  },
77
  {
 
 
 
 
78
- "anyOf": [
79
  {
80
- "field": "Microsoft.Synapse/workspaces/azureADOnlyAuthentications/azureADOnlyAuthentication",
81
- "exists": false
82
  },
83
  {
84
- "field": "Microsoft.Synapse/workspaces/azureADOnlyAuthentications/azureADOnlyAuthentication",
85
- "notEquals": true
86
  }
87
  ]
88
  }
89
  ]
 
3
  "policyType": "BuiltIn",
4
  "mode": "Indexed",
5
  "description": "Microsoft Entra-only authentication improves security by ensuring that Synapse Workspaces exclusively require Microsoft Entra identities for authentication. Learn more at: https://aka.ms/Synapse.",
6
  "metadata": {
7
+ "version": "1.2.0",
8
  "category": "Synapse"
9
  },
10
  "parameters": {
11
  "effect": {
 
22
  }
23
  },
24
  "policyRule": {
25
  "if": {
26
+ "allOf": [
27
  {
28
+ "field": "type",
29
+ "equals": "Microsoft.Synapse/workspaces"
30
+ },
31
+ {
32
+ "anyOf": [
33
  {
 
34
+ "field": "Microsoft.Synapse/workspaces/extraProperties",
35
+ "exists": false
36
  },
37
  {
38
+ "value": "[if(empty(field('Microsoft.Synapse/workspaces/extraProperties')), 0, length(intersection(field('Microsoft.Synapse/workspaces/extraProperties'), createObject('WorkspaceType', 'Normal'))))]",
39
+ "equals": 1
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
40
  }
41
  ]
42
  },
43
  {
44
+ "anyOf": [
45
  {
 
46
+ "field": "Microsoft.Synapse/workspaces/azureADOnlyAuthentication",
47
+ "exists": false
48
  },
49
  {
50
+ "field": "Microsoft.Synapse/workspaces/azureADOnlyAuthentication",
51
+ "notEquals": true
52
+ },
53
+ {
54
+ "allOf": [
55
  {
56
+ "field": "Microsoft.Synapse/workspaces/settings",
57
+ "exists": true
58
  },
59
  {
60
+ "value": "[if(empty(field('Microsoft.Synapse/workspaces/settings')), 0, length(intersection(field('Microsoft.Synapse/workspaces/settings'), createObject('azureADOnlyAuthentication', createObject('value', 'true', 'state', 'Inconsistent')))))]",
61
+ "equals": 1
62
  }
63
  ]
64
  }
65
  ]
JSON
api-version=2021-06-01
EPAC 
{7 items
  • displayName: "Configure Synapse Workspaces to use only Microsoft Entra identities for authentication during workspace creation",
  • policyType: "BuiltIn",
  • mode: "Indexed",
  • description: "Require and reconfigure Synapse Workspaces to be created with Microsoft Entra-only authentication. This policy doesn't block local authentication from being re-enabled on resources after create. Consider using the 'Microsoft Entra-only authentication' initiative instead to require both. Learn more at: https://aka.ms/Synapse.",
  • metadata: {2 items
    • version: "1.2.0",
    • category: "Synapse"
    },
  • parameters: {1 item},
  • policyRule: {2 items
    • if: {1 item
      • allOf: [3 items
        • {2 items
          • field: "type",
          • equals: "Microsoft.Synapse/workspaces"
          },
        • {1 item
          • anyOf: [2 items
            • {2 items
              • field: "Microsoft.Synapse/workspaces/extraProperties",
              • exists: false
              },
            • {2 items
              • value: 🔍"[
    if(
        empty(
            field('Microsoft.Synapse/workspaces/extraProperties')
        ),
        0,
         length(
            intersection(
                field('Microsoft.Synapse/workspaces/extraProperties'),
                createObject(
                   'WorkspaceType',
                    'Normal'
                )
            )
        )
    )
]",
              • equals: 1
              }
            ]
          },
        • {1 item
          • anyOf: [3 items
            • {2 items
              • field: "Microsoft.Synapse/workspaces/azureADOnlyAuthentication",
              • exists: false
              },
            • {2 items
              • field: "Microsoft.Synapse/workspaces/azureADOnlyAuthentication",
              • notEquals: true
              },
            • {1 item
              • allOf: [2 items
                • {2 items
                  • field: "Microsoft.Synapse/workspaces/settings",
                  • exists: true
                  },
                • {2 items
                  • value: 🔍"[
    if(
        empty(
            field('Microsoft.Synapse/workspaces/settings')
        ),
        0,
         length(
            intersection(
                field('Microsoft.Synapse/workspaces/settings'),
                createObject(
                   'azureADOnlyAuthentication',
                     createObject(
                       'value',
                        'true',
                        'state',
                        'Inconsistent'
                    )
                )
            )
        )
    )
]",
                  • equals: 1
                  }
                ]
              }
            ]
          }
        ]
      },
    • then: {2 items}
    }
}