last sync: 2020-Jul-10 14:05:01 UTC

Azure Policy

Cognitive Services accounts should use customer owned storage or enable data encryption.

Policy DisplayName Cognitive Services accounts should use customer owned storage or enable data encryption.
Policy Id 11566b39-f7f7-4b82-ab06-68d8700eb0a4
Policy Category Cognitive Services
Policy Description This policy audits any Cognitive Services account not using customer owned storage nor data encryption. For each Cognitive Services account with storage, use either customer owned storage or enable data encryption.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: Audit
Allowed: (Audit,Deny,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-06-09 16:25:53 add: Policy 11566b39-f7f7-4b82-ab06-68d8700eb0a4
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "Cognitive Services accounts should use customer owned storage or enable data encryption.",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy audits any Cognitive Services account not using customer owned storage nor data encryption. For each Cognitive Services account with storage, use either customer owned storage or enable data encryption.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cognitive Services"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "The effect determines what happens when the policy rule is evaluated to match"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.CognitiveServices/accounts"
          },
          {
            "count": {
            "field": "Microsoft.CognitiveServices/accounts/userOwnedStorage[*]"
            },
            "less": 1
          },
          {
            "field": "Microsoft.CognitiveServices/accounts/encryption.keySource",
            "exists": "false"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/11566b39-f7f7-4b82-ab06-68d8700eb0a4",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "11566b39-f7f7-4b82-ab06-68d8700eb0a4"
}