Ensure managed virtual networks are in use for Azure Synapse Workspace

LOW

Description

Azure Synapse workspaces that do not use managed virtual networks can make infrastructure security complex to manage.

Remediation

The workspace network configuration cannot be changed after the workspace is created; a new resource must be created to enable the managed virtual network function. To do so, follow the steps below.

In Azure Console -

  1. Open the Azure Portal and go to Synapse Analytics.
  2. Create a new workspace.
  3. On the Network tab, set Managed virtual network to Enabled.
  4. Configure the rest as needed.

In Terraform -

  1. In the azurerm_synapse_workspace resource, set managed_virtual_network_enabled to true.
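
A pre-deployment check for the Terraform setting above, as an added example that is not part of the original policy or the scanner's own code: it reads plan JSON as produced by `terraform show -json` and lists the azurerm_synapse_workspace resources that do not set managed_virtual_network_enabled to true. The sample plan and its resource names are constructed, and treating a missing or null value as non-compliant is an assumption of this check.

```python
import json

RESOURCE_TYPE = "azurerm_synapse_workspace"
ATTRIBUTE = "managed_virtual_network_enabled"

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# resource names are hypothetical.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "azurerm_synapse_workspace.legacy", "type": RESOURCE_TYPE,
         "change": {"actions": ["create"], "after": {"name": "legacy-ws"}}},
        {"address": "azurerm_synapse_workspace.open", "type": RESOURCE_TYPE,
         "change": {"actions": ["update"],
                    "after": {"name": "open-ws", ATTRIBUTE: False}}},
        {"address": "azurerm_synapse_workspace.isolated", "type": RESOURCE_TYPE,
         "change": {"actions": ["delete", "create"],
                    "after": {"name": "isolated-ws", ATTRIBUTE: True}}},
        {"address": "azurerm_synapse_workspace.retired", "type": RESOURCE_TYPE,
         "change": {"actions": ["delete"], "after": None}},
        {"address": "azurerm_storage_account.lake", "type": "azurerm_storage_account",
         "change": {"actions": ["no-op"], "after": {"name": "lake"}}},
    ],
})


def find_unmanaged_workspaces(plan_json: str) -> list[str]:
    """Return addresses of Synapse workspaces planned without a managed VNet."""
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed; nothing left to check
            continue
        # Only an explicit true passes; a missing, null or false value is flagged.
        if after.get(ATTRIBUTE) is not True:
            findings.append(rc["address"])
    return sorted(findings)


if __name__ == "__main__":
    for address in find_unmanaged_workspaces(SAMPLE_PLAN):
        print(f"AC_AZURE_0266: {address} does not enable {ATTRIBUTE}")
```

Because the network configuration cannot be changed after creation, a workspace flagged here has to be fixed in the configuration before it is first applied or be recreated.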

References:
https://learn.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-managed-vnet
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace#managed_virtual_network_enabled

Policy Details

Rule Reference ID: AC_AZURE_0266
CSP: Azure
Remediation Available: Yes
Resource Category: Analytics
Resource Type: Synapse

Frameworks