last sync: 2020-Jul-02 13:28:37 UTC

Azure Policy

Public network access should be disabled for Cognitive Services accounts

Policy DisplayName Public network access should be disabled for Cognitive Services accounts
Policy Id 0725b4dd-7e76-479c-a735-68e7ee23d5ca
Policy Category Cognitive Services
Policy Description This policy audits any Cognitive Services account in your environment with public network access enabled. Public network access should be disabled so that only connections from private endpoints are allowed.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: Audit
Allowed: (Audit,Deny,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-06-09 16:25:53 add: Policy 0725b4dd-7e76-479c-a735-68e7ee23d5ca
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "Public network access should be disabled for Cognitive Services accounts",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy audits any Cognitive Services account in your environment with public network access enabled. Public network access should be disabled so that only connections from private endpoints are allowed.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cognitive Services"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "The effect determines what happens when the policy rule is evaluated to match"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.CognitiveServices/accounts"
          },
          {
            "field": "Microsoft.CognitiveServices/accounts/publicNetworkAccess",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "0725b4dd-7e76-479c-a735-68e7ee23d5ca"
}