AzPolicyAdvertizer

last sync: 2025-Oct-31 18:22:59 UTC

Stream Analytics job should use managed identity to authenticate endpoints

Azure BuiltIn Policy definition

Source Azure Portal
Display name Stream Analytics job should use managed identity to authenticate endpoints
Id ea6c4923-510a-4346-be26-1894919a5b97
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Stream Analytics
Microsoft Learn
Description Ensure that Stream Analytics jobs only connect to endpoints using managed identity authentication.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Deny, Disabled, Audit
RBAC role(s) none
Rule aliases IF (13)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.StreamAnalytics/streamingjobs/functions[*].type Microsoft.StreamAnalytics streamingjobs properties.functions[*].type True False
Microsoft.StreamAnalytics/streamingjobs/inputs/Stream.datasource.Microsoft-EventHub-EventHub.authenticationMode Microsoft.StreamAnalytics streamingjobs/inputs properties.datasource.properties.authenticationMode True False
Microsoft.StreamAnalytics/streamingjobs/inputs/Stream.datasource.type Microsoft.StreamAnalytics streamingjobs/inputs properties.datasource.type True False
Microsoft.StreamAnalytics/streamingjobs/jobStorageAccount Microsoft.StreamAnalytics streamingjobs properties.jobStorageAccount True False
Microsoft.StreamAnalytics/streamingjobs/jobStorageAccount.authenticationMode Microsoft.StreamAnalytics streamingjobs properties.jobStorageAccount.authenticationMode True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-DataLake-Accounts.authenticationMode Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.authenticationMode True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-EventHub-EventHub.authenticationMode Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.authenticationMode True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-ServiceBus-Queue.authenticationMode Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.authenticationMode True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-ServiceBus-Topic.authenticationMode Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.authenticationMode True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-Sql-Server-Database.authenticationMode Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.authenticationMode True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-Storage-Blob.authenticationMode Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.authenticationMode True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.PowerBI.authenticationMode Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.authenticationMode True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.type Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.type True False
Rule resource types IF (4)
Compliance
The following 1 compliance controls are associated with this Policy definition 'Stream Analytics job should use managed identity to authenticate endpoints' (ea6c4923-510a-4346-be26-1894919a5b97)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Identity Management IM-3 Manage application identities securely and automatically Shared **Security Principle:** Use managed application identities instead of creating human accounts for applications to access resources and execute code. Managed application identities provide benefits such as reducing the exposure of credentials. Automate the rotation of credential to ensure the security of the identities. **Azure Guidance:** Use Azure managed identities, which can authenticate to Azure services and resources that support Microsoft Entra ID authentication. Managed identity credentials are fully managed, rotated, and protected by the platform, avoiding hard-coded credentials in source code or configuration files. For services that don't support managed identities, use Microsoft Entra ID to create a service principal with restricted permissions at the resource level. It is recommended to configure service principals with certificate credentials and fall back to client secrets for authentication. **Implementation and additional context:** Azure managed identities: https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview Services that support managed identities for Azure resources: https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities Azure service principal: https://docs.microsoft.com/powershell/azure/create-azure-service-principal-azureps Create a service principal with certificates: https://docs.microsoft.com/azure/active-directory/develop/howto-authenticate-service-principal-powershell n/a link 15
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: Microsoft cloud security benchmark v2 e3ec7e09-768c-4b64-882c-fcada3772047 Security Center Preview BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-15 17:17:14 add ea6c4923-510a-4346-be26-1894919a5b97
JSON compare n/a
JSON
api-version=2021-06-01
EPAC