last sync: 2020-Jul-15 14:17:33 UTC

Azure Policy

Cognitive Services accounts should restrict network access

Policy DisplayName Cognitive Services accounts should restrict network access
Policy Id 037eea7a-bd0a-46c5-9a66-03aea78705d3
Policy Category Cognitive Services
Policy Description Network access to Cognitive Services accounts should be restricted. Configure network rules so only applications from allowed networks can access the Cognitive Services account. To allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: Audit
Allowed: (Audit,Deny,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-05-29 15:39:09 add: Policy 037eea7a-bd0a-46c5-9a66-03aea78705d3
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "Cognitive Services accounts should restrict network access",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Network access to Cognitive Services accounts should be restricted. Configure network rules so only applications from allowed networks can access the Cognitive Services account. To allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cognitive Services"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "The effect determines what happens when the policy rule is evaluated to match"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.CognitiveServices/accounts"
          },
          {
            "field": "Microsoft.CognitiveServices/accounts/networkAcls.defaultAction",
            "notEquals": "Deny"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "037eea7a-bd0a-46c5-9a66-03aea78705d3"
}