Azure Policy built-in definitions for Azure Stream Analytics

This page is an index of Azure Policy built-in policy definitions for Azure Stream Analytics. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.

The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.

Azure Stream Analytics

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Azure Stream Analytics jobs should use customer-managed keys to encrypt data | Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted. | audit, Audit, deny, Deny, disabled, Disabled | 1.1.0 |
| Deploy Diagnostic Settings for Stream Analytics to Event Hub | Deploys the diagnostic settings for Stream Analytics to stream to a regional Event Hub when any Stream Analytics which is missing this diagnostic settings is created or updated. | DeployIfNotExists, Disabled | 2.0.0 |
| Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace | Deploys the diagnostic settings for Stream Analytics to stream to a regional Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. | DeployIfNotExists, Disabled | 1.0.0 |
| Resource logs in Azure Stream Analytics should be enabled | Audit enabling of resource logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised | AuditIfNotExists, Disabled | 5.0.0 |
| Stream Analytics job should connect to trusted inputs and outputs | Ensure that Stream Analytics jobs do not have arbitrary Input or Output connections that are not defined in the allow-list. This checks that Stream Analytics jobs don't exfiltrate data by connecting to arbitrary sinks outside your organization. | Deny, Disabled, Audit | 1.1.0 |
| Stream Analytics job should use managed identity to authenticate endpoints | Ensure that Stream Analytics jobs only connect to endpoints using managed identity authentication. | Deny, Disabled, Audit | 1.0.0 |

Next steps