Hi Team,
I am trying to create Azure Synapse workspace but got failed during validation
with below error.As I am new to this Azure Synapse,request your help here.
{
"code": "InvalidTemplateDeployment",
"message": "The template deployment failed because of policy violation. Please see details for more information.",
"details": [
{
"code": "RequestDisallowedByPolicy",
"target": "shahidadls",
"message": "Resource 'shahidadls' was disallowed by policy. Reasons: 'This action is blocked by Policy 071 Assignment (MG-01-0006-cs-071-deny) which restricts storage account public access. Please set 'Allow Blob Public Access' setting of your Azure Storage Account(s) to 'Disabled' to be compliant. Visit https://pwc.sharepoint.com/sites/GBL-IFS-CSO-Policy for remediation instructions and resolution.'. See error details for policy resource IDs.",
"additionalInfo": [
{
"type": "PolicyViolation",
"info": {
"evaluationDetails": {
"evaluatedExpressions": [
{
"result": "True",
"expressionKind": "Field",
"expression": "type",
"path": "type",
"expressionValue": "Microsoft.Storage/storageAccounts",
"targetValue": "Microsoft.Storage/storageAccounts",
"operator": "Equals"
},
{
"result": "False",
"expressionKind": "Field",
"expression": "Microsoft.Storage/storageAccounts/allowBlobPublicAccess",
"path": "properties.allowBlobPublicAccess",
"targetValue": "false",
"operator": "Equals"
},
{
"result": "True",
"expressionKind": "Field",
"expression": "id",
"path": "id",
"expressionValue": "/subscriptions/4dae3df8-6c41-493f-b1cf-aaa5867dd39e/resourceGroups/shahidRG/providers/Microsoft.Storage/storageAccounts/shahidadls",
"targetValue": "/resourceGroups/databricks-rg-",
"operator": "NotContains"
},
{
"result": "True",
"expressionKind": "Field",
"expression": "id",
"path": "id",
"expressionValue": "/subscriptions/4dae3df8-6c41-493f-b1cf-aaa5867dd39e/resourceGroups/shahidRG/providers/Microsoft.Storage/storageAccounts/shahidadls",
"targetValue": "/resourceGroups/MC_",
"operator": "NotContains"
},
{
"result": "False",
"expressionKind": "Field",
"expression": "tags.enforcementId",
"path": "tags.enforcementId",
"targetValue": "true",
"operator": "Exists"
}
],
"reason": "This action is blocked by Policy 071 Assignment (MG-01-0006-cs-071-deny) which restricts storage account public access. Please set 'Allow Blob Public Access' setting of your Azure Storage Account(s) to 'Disabled' to be compliant. Visit https://pwc.sharepoint.com/sites/GBL-IFS-CSO-Policy for remediation instructions and resolution."
},
"policyDefinitionId": "/providers/Microsoft.Management/managementGroups/MG-01-0006/providers/Microsoft.Authorization/policyDefinitions/cs-secure-Storage-sa-blob-prevent-public-access",
"policyDefinitionName": "cs-secure-Storage-sa-blob-prevent-public-access",
"policyDefinitionDisplayName": "cs-secure-Storage-sa-blob-prevent-public-access-cs-071",
"policyDefinitionEffect": "deny",
"policyAssignmentId": "/providers/Microsoft.Management/managementGroups/MG-01-0006/providers/Microsoft.Authorization/policyAssignments/MG-01-0006-cs-071-deny",
"policyAssignmentName": "MG-01-0006-cs-071-deny",
"policyAssignmentDisplayName": "MG-01-0006-cs-071-cs-deny-Storage-sa-blob-prevent-public-access",
"policyAssignmentScope": "/providers/Microsoft.Management/managementGroups/MG-01-0006",
"policyAssignmentParameters": {
"effect": "deny"
}
}
}
]
}
]
}