Azure Data exfiltration protection for Azure Synapse workspace is disabled

Description

Enabling data exfiltration protection for your Azure Synapse workspace can help prevent unauthorized access to your data. Data exfiltration is the unauthorized transfer of data from a network or system, and can be a potential security threat.

Fix - Runtime

Fix - Buildtime

Terraform

Resource: azurerm_synapse_workspace
Argument: data_exfiltration_protection_enabled

resource "azurerm_synapse_workspace" "pass" {
  name                                 = "example"
  resource_group_name                  = azurerm_resource_group.example.name
  location                             = azurerm_resource_group.example.location
  storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.example.id
  sql_administrator_login              = "sqladminuser"
  sql_administrator_login_password     = "[email protected]!"
  managed_virtual_network_enabled      = false
  data_exfiltration_protection_enabled = true
  aad_admin {
    login     = "AzureAD Admin"
    object_id = "00000000-0000-0000-0000-000000000000"
    tenant_id = "00000000-0000-0000-0000-000000000000"
  }

  tags = {
    Env = "production"
  }
}