Azure Synapse workspace validation failed

Anonymous
2023-03-28T09:58:07.06+00:00

Hi Team,

I am trying to create Azure Synapse workspace but got failed during validation

with below error.As I am new to this Azure Synapse,request your help here.

{
  "code": "InvalidTemplateDeployment",
  "message": "The template deployment failed because of policy violation. Please see details for more information.",
  "details": [
    {
      "code": "RequestDisallowedByPolicy",
      "target": "shahidadls",
      "message": "Resource 'shahidadls' was disallowed by policy. Reasons: 'This action is blocked by Policy 071 Assignment (MG-01-0006-cs-071-deny) which restricts storage account public access. Please set 'Allow Blob Public Access' setting of your Azure Storage Account(s) to 'Disabled' to be compliant. Visit https://pwc.sharepoint.com/sites/GBL-IFS-CSO-Policy for remediation instructions and resolution.'. See error details for policy resource IDs.",
      "additionalInfo": [
        {
          "type": "PolicyViolation",
          "info": {
            "evaluationDetails": {
              "evaluatedExpressions": [
                {
                  "result": "True",
                  "expressionKind": "Field",
                  "expression": "type",
                  "path": "type",
                  "expressionValue": "Microsoft.Storage/storageAccounts",
                  "targetValue": "Microsoft.Storage/storageAccounts",
                  "operator": "Equals"
                },
                {
                  "result": "False",
                  "expressionKind": "Field",
                  "expression": "Microsoft.Storage/storageAccounts/allowBlobPublicAccess",
                  "path": "properties.allowBlobPublicAccess",
                  "targetValue": "false",
                  "operator": "Equals"
                },
                {
                  "result": "True",
                  "expressionKind": "Field",
                  "expression": "id",
                  "path": "id",
                  "expressionValue": "/subscriptions/4dae3df8-6c41-493f-b1cf-aaa5867dd39e/resourceGroups/shahidRG/providers/Microsoft.Storage/storageAccounts/shahidadls",
                  "targetValue": "/resourceGroups/databricks-rg-",
                  "operator": "NotContains"
                },
                {
                  "result": "True",
                  "expressionKind": "Field",
                  "expression": "id",
                  "path": "id",
                  "expressionValue": "/subscriptions/4dae3df8-6c41-493f-b1cf-aaa5867dd39e/resourceGroups/shahidRG/providers/Microsoft.Storage/storageAccounts/shahidadls",
                  "targetValue": "/resourceGroups/MC_",
                  "operator": "NotContains"
                },
                {
                  "result": "False",
                  "expressionKind": "Field",
                  "expression": "tags.enforcementId",
                  "path": "tags.enforcementId",
                  "targetValue": "true",
                  "operator": "Exists"
                }
              ],
              "reason": "This action is blocked by Policy 071 Assignment (MG-01-0006-cs-071-deny) which restricts storage account public access. Please set 'Allow Blob Public Access' setting of your Azure Storage Account(s) to 'Disabled' to be compliant. Visit https://pwc.sharepoint.com/sites/GBL-IFS-CSO-Policy for remediation instructions and resolution."
            },
            "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/MG-01-0006/providers/Microsoft.Authorization/policyDefinitions/cs-secure-Storage-sa-blob-prevent-public-access",
            "policyDefinitionName": "cs-secure-Storage-sa-blob-prevent-public-access",
            "policyDefinitionDisplayName": "cs-secure-Storage-sa-blob-prevent-public-access-cs-071",
            "policyDefinitionEffect": "deny",
            "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/MG-01-0006/providers/Microsoft.Authorization/policyAssignments/MG-01-0006-cs-071-deny",
            "policyAssignmentName": "MG-01-0006-cs-071-deny",
            "policyAssignmentDisplayName": "MG-01-0006-cs-071-cs-deny-Storage-sa-blob-prevent-public-access",
            "policyAssignmentScope": "/providers/Microsoft.Management/managementGroups/MG-01-0006",
            "policyAssignmentParameters": {
              "effect": "deny"
            }
          }
        }
      ]
    }
  ]
}
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,369 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. KranthiPakala-MSFT 46,422 Reputation points Microsoft Employee
    2023-03-28T21:51:36.26+00:00

    Hi @Anonymous ,

    Welcome to Microsoft Q&A forum and thanks for reaching out here.

    Root cause:
    By looking at the error message, it indicates that the deployment failed because of a policy violation. Specifically, the policy cs-secure-Storage-sa-blob-prevent-public-access is blocking the creation of the storage account shahidadls because it restricts storage account public access.

    Resolution:
    To resolve this issue, Create the storage account first with default disabling the Allow Blob Public Access setting of your Azure Storage Account(s) to be compliant with the policy.

    User's image

    You can follow the remediation instructions and resolution provided in the policy details or visit the link mentioned in the error message for more information.

    Once the storage account is created as per the policy guidelines, refer/use that storage account while creating the Synapse Analytics workspace.

    Hope this info helps.

    Please don’t forget to Accept Answer and Yes for "was this answer helpful" wherever the information provided helps you, this can be beneficial to other community members.

    0 comments