AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Stream Analytics job should connect to trusted inputs and outputs

Azure BuiltIn Policy definition

Source Azure Portal
Display name Stream Analytics job should connect to trusted inputs and outputs
Id fe8684d6-3c5b-45c0-a08b-fa92653c2e1c
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Stream Analytics
Microsoft Learn
Description Ensure that Stream Analytics jobs do not have arbitrary Input or Output connections that are not defined in the allow-list. This checks that Stream Analytics jobs don't exfiltrate data by connecting to arbitrary sinks outside your organization.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Deny, Disabled, Audit
RBAC role(s) none
Rule aliases IF (21)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.StreamAnalytics/streamingjobs/functions[*].binding.Microsoft-MachineLearning-WebService.endpoint Microsoft.StreamAnalytics streamingjobs properties.functions[*].properties.properties.binding.properties.endpoint True False
Microsoft.StreamAnalytics/streamingjobs/functions[*].type Microsoft.StreamAnalytics streamingjobs properties.functions[*].type True False
Microsoft.StreamAnalytics/streamingjobs/inputs/Reference.datasource.Microsoft-Sql-Server-Database.server Microsoft.StreamAnalytics streamingjobs/inputs properties.datasource.properties.server True False
Microsoft.StreamAnalytics/streamingjobs/inputs/Reference.datasource.Microsoft-Storage-Blob.storageAccounts[*] Microsoft.StreamAnalytics streamingjobs/inputs properties.datasource.properties.storageAccounts[*] True False
Microsoft.StreamAnalytics/streamingjobs/inputs/Reference.datasource.Microsoft-Storage-Blob.storageAccounts[*].accountName Microsoft.StreamAnalytics streamingjobs/inputs properties.datasource.properties.storageAccounts[*].accountName True False
Microsoft.StreamAnalytics/streamingjobs/inputs/Reference.datasource.type Microsoft.StreamAnalytics streamingjobs/inputs properties.datasource.type True False
Microsoft.StreamAnalytics/streamingjobs/inputs/Stream.datasource.Microsoft-Devices-IotHubs.iotHubNamespace Microsoft.StreamAnalytics streamingjobs/inputs properties.datasource.properties.iotHubNamespace True False
Microsoft.StreamAnalytics/streamingjobs/inputs/Stream.datasource.Microsoft-ServiceBus-EventHub.serviceBusNamespace Microsoft.StreamAnalytics streamingjobs/inputs properties.datasource.properties.serviceBusNamespace True False
Microsoft.StreamAnalytics/streamingjobs/inputs/Stream.datasource.Microsoft-Storage-Blob.storageAccounts[*] Microsoft.StreamAnalytics streamingjobs/inputs properties.datasource.properties.storageAccounts[*] True False
Microsoft.StreamAnalytics/streamingjobs/inputs/Stream.datasource.Microsoft-Storage-Blob.storageAccounts[*].accountName Microsoft.StreamAnalytics streamingjobs/inputs properties.datasource.properties.storageAccounts[*].accountName True False
Microsoft.StreamAnalytics/streamingjobs/inputs/Stream.datasource.type Microsoft.StreamAnalytics streamingjobs/inputs properties.datasource.type True False
Microsoft.StreamAnalytics/streamingjobs/jobStorageAccount Microsoft.StreamAnalytics streamingjobs properties.jobStorageAccount True False
Microsoft.StreamAnalytics/streamingjobs/jobStorageAccount.accountName Microsoft.StreamAnalytics streamingjobs properties.jobStorageAccount.accountName True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-AzureFunction.functionAppName Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.functionAppName True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-ServiceBus-EventHub.serviceBusNamespace Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.serviceBusNamespace True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-Sql-Server-Database.server Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.server True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-Storage-Blob.storageAccounts[*] Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.storageAccounts[*] True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-Storage-Blob.storageAccounts[*].accountName Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.storageAccounts[*].accountName True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-Storage-DocumentDB.accountId Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.accountId True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.Microsoft-Storage-Table.accountName Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.properties.accountName True False
Microsoft.StreamAnalytics/streamingjobs/outputs/datasource.type Microsoft.StreamAnalytics streamingjobs/outputs properties.datasource.type True False
Rule resource types IF (5)
Microsoft.Devices/IotHubs
Microsoft.StreamAnalytics/streamingjobs
Microsoft.StreamAnalytics/streamingjobs/functions
Microsoft.StreamAnalytics/streamingjobs/inputs
Microsoft.StreamAnalytics/streamingjobs/outputs
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-02-18 17:44:00 change Minor (1.0.0 > 1.1.0)
2021-11-12 16:23:07 add fe8684d6-3c5b-45c0-a08b-fa92653c2e1c
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC