Microsoft
MicrosoftHi luke-MSFT ,
thanks for this great article!
Can we please review this statement?
3. DEP applies to all services within an Azure workspace including dedicated SQL pools, serverless SQL pools, Apache Spark pools and Pipelines.
In effect, the Data Exfiltration Protection feature applies only to Managed Virtual Network (as we can see here https://learn.microsoft.com/en-us/azure/synapse-analytics/security/how-to-create-a-workspace-with-data-exfiltration-protection#add-data-exfiltration-protection-when-creating-your-workspace) so the correct statement should be:
3. DEP applies to all services within a Synapse Managed Virtual Network including Apache Spark pools and Pipelines using Azure Integration Runtime.
You also have to remove "dedicated SQL pools, serverless SQL pools" from the list of services included in Managed VNet, because "Dedicated SQL pool and serverless SQL pool are multi-tenant capabilities and therefore reside outside of the Managed workspace Virtual Network" (as stated here https://learn.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-managed-vnet)
Moreover, this diagram is helpful to see the boundaries of the Managed VNet and the services injected into that:
Please let me know what do you think about it.
Best regards,
Luca Bovo - beanTech
