Azure Data Explorer - oWretch/policy GitHub Wiki

Policy Effects by Policy

Category Policy Production Corp Landing Zones Platform Identity Sandbox Management Connectivity Decommissioned
Azure Data Explorer Azure Data Explorer encryption at rest should use a customer-managed key
Enabling encryption at rest using a customer-managed key on your Azure Data Explorer cluster provides additional control over the key being used by the encryption at rest. This feature is oftentimes applicable to customers with special compliance requirements and requires a Key Vault to manage the keys.
Deny
Audit
Disabled
Deny
Audit
Disabled
Azure Data Explorer Azure Data Explorer should use a SKU that supports private link
With supported SKUs, Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to apps, you can reduce data leakage risks. Learn more about private links at: https://aka.ms/private-link.
Deny
Audit
Disabled
Deny
Audit
Disabled
Azure Data Explorer Configure Azure Data Explorer to disable public network access
Disabling the public network access property shuts down public connectivity such that Azure Data Explorer can only be accessed from a private endpoint. This configuration disables the public network access for all Azure Data Explorer clusters.
Modify
Disabled
Modify
Disabled
Azure Data Explorer Disk encryption should be enabled on Azure Data Explorer
Enabling disk encryption helps protect and safeguard your data to meet your organizational security and compliance commitments.
Deny
Audit
Disabled
Deny
Audit
Disabled
Azure Data Explorer Double encryption should be enabled on Azure Data Explorer
Enabling double encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. When double encryption has been enabled, data in the storage account is encrypted twice, once at the service level and once at the infrastructure level, using two different encryption algorithms and two different keys.
Deny
Audit
Disabled
Deny
Audit
Disabled
Azure Data Explorer Public network access on Azure Data Explorer should be disabled
Disabling the public network access property improves security by ensuring Azure Data Explorer can only be accessed from a private endpoint. This configuration denies all logins that match IP or virtual network based firewall rules.
Deny
Audit
Disabled