last sync: 2020-Oct-23 19:29:54 UTC

Azure Policy

Public network access should be disabled for Cognitive Services accounts

Name Public network access should be disabled for Cognitive Services accounts
Id 0725b4dd-7e76-479c-a735-68e7ee23d5ca
Version 1.0.0
details on versioning
Category Cognitive Services
Description This policy audits any Cognitive Services account in your environment with public network access enabled. Public network access should be disabled so that only connections from private endpoints are allowed.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit,Deny,Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-06-09 16:25:53 add 0725b4dd-7e76-479c-a735-68e7ee23d5ca
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "Public network access should be disabled for Cognitive Services accounts",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy audits any Cognitive Services account in your environment with public network access enabled. Public network access should be disabled so that only connections from private endpoints are allowed.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cognitive Services"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "The effect determines what happens when the policy rule is evaluated to match"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.CognitiveServices/accounts"
          },
          {
            "field": "Microsoft.CognitiveServices/accounts/publicNetworkAccess",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "0725b4dd-7e76-479c-a735-68e7ee23d5ca"
}