Ensure Azure Active Directory (AAD) is configured for Azure Synapse Workspace

MEDIUM

Description

The Azure Synapse Workspace does not have Azure Active Directory (AAD) configured, which may lead to unauthorized access.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Synapse Analytics.
  2. Select the workspace you wish to edit.
  3. Under Settings, select Active Directory.
  4. Check the box to only support Azure Active Directory (an AD admin user will need to be configured).

In Terraform -

  1. In the azurerm_synapse_workspace resource, create an aad_admin block and configure accordingly.
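
The Terraform step above, shown as a workspace without an aad_admin block next to one with it. This is an added example, not taken from the rule or the provider documentation; the resource names, variables and the "sqladminuser" login are placeholders, and azuread_authentication_only assumes a recent azurerm provider version.

```hcl
provider "azurerm" {
  features {}
}

# Placeholder inputs (assumed to exist in the calling configuration).
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "adls_filesystem_id" { type = string } # ID of an azurerm_storage_data_lake_gen2_filesystem
variable "aad_admin_login" { type = string }    # display name of the AAD user or group
variable "aad_admin_object_id" { type = string }
variable "sql_admin_password" {
  type      = string
  sensitive = true
}

data "azurerm_client_config" "current" {}

# Non-compliant: no aad_admin block, which is the condition this rule flags.
resource "azurerm_synapse_workspace" "sql_auth_only" {
  name                                 = "example-synapse-sqlauth"
  resource_group_name                  = var.resource_group_name
  location                             = var.location
  storage_data_lake_gen2_filesystem_id = var.adls_filesystem_id
  sql_administrator_login              = "sqladminuser"
  sql_administrator_login_password     = var.sql_admin_password
  identity {
    type = "SystemAssigned"
  }
}

# Compliant: aad_admin names the AAD principal that administers the workspace.
resource "azurerm_synapse_workspace" "aad_enabled" {
  name                                 = "example-synapse-aad"
  resource_group_name                  = var.resource_group_name
  location                             = var.location
  storage_data_lake_gen2_filesystem_id = var.adls_filesystem_id
  # Counterpart of console step 4: accept AAD authentication only.
  azuread_authentication_only = true
  aad_admin {
    login     = var.aad_admin_login
    object_id = var.aad_admin_object_id
    tenant_id = data.azurerm_client_config.current.tenant_id
  }
  identity {
    type = "SystemAssigned"
  }
}
```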

References:
https://learn.microsoft.com/en-us/azure/synapse-analytics/sql/active-directory-authentication
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace#aad_admin

Policy Details

Rule Reference ID: AC_AZURE_0257
CSP: Azure
Remediation Available: Yes
Resource Category: Analytics
Resource Type: Synapse

Frameworks