NOTE added to the doc.

[aminpashna]

The following being added:

Azure Policy operates at a level above other Azure services by applying policy rules against PUT requests and GET responses of resource types exchanged between Azure Resource Manager and the owning resource provider (RP). However, updates to Synapse workspace firewall settings in the Azure Portal are made using POST calls, such as the replaceAllIpFirewallRules operation.
Due to this design, Azure Policy definitions cannot block changes to networking settings made via POST operations. As a result, modifications to firewall rules through the Azure Portal may bypass Azure Policy, even if restrictive policies are in place.

[prmerger-automator]

@aminpashna : Thanks for your contribution! The author(s) have been notified to review your proposed change. @ashinMSFT

[learn-build-service-prod]

Learn Build status updates of commit e23150c:

✅ Validation status: passed

File	Status	Preview URL	Details
articles/synapse-analytics/security/synapse-workspace-ip-firewall.md	✅Succeeded

For more details, please refer to the build report.

For any questions, please:

• Try searching the learn.microsoft.com contributor guides
• Post your question in the Learn support channel

[v-dirichards]

@ashinMSFT

Can you review the proposed changes?

Important: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

[aminpashna]

#sign-off

[prmerger-automator]

Invalid command: '#sign-off'. Only the assigned author of one or more file in this PR can sign off. @ashinMSFT

[v-dirichards]

Hi @aminpashna - Thanks for your review. In the public repo, pull requests should be signed off by the author, another member of the content team, or a PM.

@ashinMSFT Could you take a look? Thanks!