Droessler, Michael J. commented
I'm not sure this suggestion offers a concrete implementation, but I will say we've also had similar issues with Cloud Shell storage. I'd hazard there's adequate opportunity to refine the Cloud Shell experience from a governance and controls perspective. In our case, we constrained the majority of users to a point where they could only create the Storage Account in one resource group via RBAC and then added a weekly purge process on the Storage Accounts to account for the ability for users to read others' Storage Accounts.
Azure Policy uses the Rego language for its AKS Policy (in limited public preview today): https://docs.microsoft.com/en-us/azure/aks/support-policies
It does not support custom policy definitions yet, as we plan to move to Gatekeeper v.3, which has a breaking change in its policy language.
Thank you for your feedback. Today publishing NSG Flow Logs to an Event Hub is not currently supported natively. We will continue to evaluate this suggestion and update the status accordingly.
Today, if you are interested in transforming and streaming NSG Flow Logs to a 3rd party endpoint, we have published a sample here that leverages an Azure function: https://github.com/Microsoft/AzureNetworkWatcherNSGFlowLogsConnector
Splunk has also published a blog with guidance on integrating NSG Flow Logging data here: https://www.splunk.com/blog/2017/02/20/splunking-microsoft-azure-network-watcher-data.html
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
This is now available for Windows apps. Linux support is coming soon.
Thanks for this suggestion. Apologies for the inconvenience this inconsistent behavior has caused. While we look into it, note a workaround that has worked for a few:
- Anavi N [MSFT]
We don’t have an exact timeline for this, but this is something we’re eager to light up and have some preliminary work underway for. This will likely show up for Storage first, but messaging services like Event Hub would be shortly after.
This capability will soon be supported and will be announced.
Thank you for this suggestion! It has been escalated to the Windows Azure engineering team for further evaluation. We will post here to gather additional information as appropriate.
We are very excited to announce the public preview of Azure Data Factory Managed Virtual Network.
With this new feature, you can provision the Azure Integration Runtime in Managed Virtual Network and leverage Private Endpoints to securely connect to supported data stores. Your data traffic between Azure Data Factory Managed Virtual Network and data stores goes through Azure Private Link, which provides secured connectivity and eliminates your data exposure to the public internet. With the Managed Virtual Network along with Private Endpoints, you can also offload the burden of managing the virtual network to Azure Data Factory and protect against data exfiltration.
To learn more about Azure Data Factory Managed Virtual Network, see https://azure.microsoft.com/blog/azure-data-factory-managed-virtual-network/
6 votes · Droessler, Michael J. shared this idea
232 votes · 20 comments · Azure Active Directory » Developer Experiences
Thank you for the feedback! This is in the backlog and we are looking into this. We don’t have an ETA yet, but we will share once we have one. Please keep voting if this feature matters to you.
Great news – static IP range for Azure Integration Runtime is now available in all ADF regions! You can whitelist specific IP ranges for ADF as part of firewall rules. The IPs are documented here: https://docs.microsoft.com/en-us/azure/data-factory/azure-integration-runtime-ip-addresses#azure-integration-runtime-ip-addresses-specific-regions. Static IP ranges for gov cloud and China cloud will be published soon!
Please refer to this blog post on how you can use various mechanisms including trusted Azure service and static IP to secure data access through ADF:
Service tag support will be made available in the next few weeks. Please stay tuned!
If your network security requirement calls for ADF support for VNet and cannot be met using Trusted Azure service (released in Oct 2019), static IP range (released in Jan 2020), or service tag (upcoming), please vote for VNet feature here: https://feedback.azure.com/forums/270578-data-factory/suggestions/37105363-data-factory-should-be-able-to-use-vnet-without-re