Control: Synapse workspaces should have data exfiltration protection enabled
Description
This control checks whether Synapse workspace has data exfiltration protection enabled.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.synapse_workspace_data_exfiltration_protection_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.synapse_workspace_data_exfiltration_protection_enabled --shareSQL
This control uses a named query:
select s.id as resource, case when managed_virtual_network_settings ->> 'preventDataExfiltration' = 'true' then 'ok' else 'alarm' end as status, case when managed_virtual_network_settings ->> 'preventDataExfiltration' = 'true' then s.title || ' data exfiltration protection enabled.' else s.title || ' data exfiltration protection disabled.' end as reason , s.resource_group as resource_group , sub.display_name as subscriptionfrom azure_synapse_workspace as s left join azure_subscription as sub on sub.subscription_id = s.subscription_id;