
Custom Policy for Synapse Analytics Private Endpoint Non-Compliant


I have created a custom policy for adding private endpoints on a Synapse Analytics Workspace. See the script below.

"policyRule": {
  "if": {
    "field": "type",
    "equals": "Microsoft.Synapse/workspaces"
  },
  "then": {
    "effect": "DeployIfNotExists",
    "details": {
      "type": "Microsoft.Network/privateEndpoints",
      "existenceScope": "subscription",
      "existenceCondition": {
        "allOf": [
          {
            "allOf": [
              {
                "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId",
                "equals": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Synapse/workspaces/{synapseWorkspaceName}"
              },
              {
                "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
                "equals": "SqlOnDemand"
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId",
                "equals": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Synapse/workspaces/{synapseWorkspaceName}"
              },
              {
                "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
                "equals": "Sql"
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId",
                "equals": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Synapse/workspaces/{synapseWorkspaceName}"
              },
              {
                "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
                "equals": "dev"
              }
            ]
          }
        ]
      },

But the above policy is Non-Compliant. See the image below.

I believe there are mismatched fields in the script; your help is truly appreciated. Thank you in advance, geez!


Solution

  • As mentioned by @Romeo, replacing allOf with anyOf should resolve the issue here. Posting our discussion as an answer for the community's benefit.

    The functionality of the allOf operator in a policy rule is to make sure that all the given conditions under a specific block are true. Only if that is satisfied does it evaluate and trigger the effect. Whereas the anyOf operator evaluates to true if any one of the included conditions is true.

    Refer to the MSDoc explaining multiple policy rules with sample definitions.

    The modified existenceCondition block is given below:

    Using anyOf rather than allOf checks if any one of the private endpoint configurations, such as SqlOnDemand, Sql, or dev, exists in the Synapse workspace; then the policy evaluates it as compliant.

    "existenceCondition": {
      "anyOf": [
        {
          "allOf": [
            {
              "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId",
              "equals": "[concat('/subscriptions/', parameters('subscriptionId'), '/resourceGroups/', parameters('resourceGroup'), '/providers/Microsoft.Synapse/workspaces/', parameters('synapseWorkspaceName'))]"
            },
            {
              "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
              "equals": "SqlOnDemand"
            }
          ]
        },
        {
          "allOf": [
            {
              "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId",
              "equals": "[concat('/subscriptions/', parameters('subscriptionId'), '/resourceGroups/', parameters('resourceGroup'), '/providers/Microsoft.Synapse/workspaces/', parameters('synapseWorkspaceName'))]"
            },
            {
              "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
              "equals": "Sql"
            }
          ]
        },
        {
          "allOf": [
            {
              "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId",
              "equals": "[concat('/subscriptions/', parameters('subscriptionId'), '/resourceGroups/', parameters('resourceGroup'), '/providers/Microsoft.Synapse/workspaces/', parameters('synapseWorkspaceName'))]"
            },
            {
              "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]",
              "equals": "dev"
            }
          ]
        }
      ]
    },

    Definition created successfully:


    Refer to the MSDoc for exploring all the logical operators available in the Azure Policy definition structure.
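To make the allOf/anyOf difference concrete, here is a small evaluator for just the condition subset used in this thread (allOf, anyOf, and field/equals on [*] aliases), run against constructed private endpoints. It is an added illustration, not code from the post or from Azure Policy: the resource shape is simplified, the workspace ID and endpoints are made up, and the [*] rule (every resolved array member must equal the value) is modelled after the documented behaviour. It shows why the original allOf can never hold: existenceCondition is checked per existing endpoint, and a single endpoint carries one groupId, so it cannot be SqlOnDemand, Sql and dev at the same time.

```python
"""Toy evaluator for the Azure Policy condition subset used in the post (allOf, anyOf,
field/equals with [*] aliases). Data is constructed; this is not Azure's engine."""
# Constructed workspace resource ID (placeholder subscription and resource group)
WORKSPACE_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
                "rg-demo/providers/Microsoft.Synapse/workspaces/synw-demo")
PE = "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]"

def existence_condition(operator: str) -> dict:
    """The post's existenceCondition with 'allOf' or 'anyOf' as the top-level operator."""
    def group(group_id: str) -> dict:
        return {"allOf": [
            {"field": f"{PE}.privateLinkServiceId", "equals": WORKSPACE_ID},
            {"field": f"{PE}.groupIds[*]", "equals": group_id},
        ]}
    return {operator: [group("SqlOnDemand"), group("Sql"), group("dev")]}

def resolve(node, segments: list) -> list:
    """Walk an alias path; each '[*]' fans out over the array's members."""
    if not segments or node is None:
        return [node]
    seg, rest = segments[0], segments[1:]
    if seg.endswith("[*]"):
        return [v for item in node.get(seg[:-3], []) for v in resolve(item, rest)]
    return resolve(node.get(seg), rest)

def evaluate(cond: dict, resource: dict) -> bool:
    """allOf: every sub-condition true; anyOf: at least one true. For field/equals on a
    [*] alias every resolved member must equal the value (modelled after the docs)."""
    if "allOf" in cond:
        return all(evaluate(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(evaluate(c, resource) for c in cond["anyOf"])
    values = resolve(resource, cond["field"].split("/", 2)[2].split("."))
    return bool(values) and all(v == cond["equals"] for v in values)

def is_compliant(operator: str, endpoints: list) -> bool:
    """DeployIfNotExists counts the workspace compliant if any related endpoint matches."""
    cond = existence_condition(operator)
    return any(evaluate(cond, ep) for ep in endpoints)

# Constructed private endpoints (simplified shape), one per Synapse sub-resource
ENDPOINTS = {g: {"privateLinkServiceConnections": [
    {"privateLinkServiceId": WORKSPACE_ID, "groupIds": [g]}]} for g in ("SqlOnDemand", "Sql", "dev")}
# An endpoint attached to a different workspace, which must not count
OTHER = {"privateLinkServiceConnections": [
    {"privateLinkServiceId": WORKSPACE_ID.replace("synw-demo", "synw-other"), "groupIds": ["Sql"]}]}
if __name__ == "__main__":
    for op in ("allOf", "anyOf"):
        print(op, "->", "Compliant" if is_compliant(op, list(ENDPOINTS.values())) else "Non-Compliant")
```

Note that the answer's version also swaps the literal `{subscriptionId}`-style placeholders of the question for a concat of parameters; a literal placeholder string never equals a real resource ID, so that change matters as much as the operator.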