AzPolicyAdvertizer

last sync: 2025-Jul-23 17:34:54 UTC

[Deprecated]: Cognitive Services accounts should use customer owned storage or enable data encryption.

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: Cognitive Services accounts should use customer owned storage or enable data encryption.
Id 11566b39-f7f7-4b82-ab06-68d8700eb0a4
Version 2.0.0-deprecated
Details on versioning
Versioning Versions supported for Versioning: 1
2.0.0 (2.0.0-deprecated)
Built-in Versioning [Preview]
Category Cognitive Services
Microsoft Learn
Description This policy is deprecated. Cognitive Services have data encryption enforced.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Assessment(s) Assessments count: 1
Assessment Id: aa395469-1687-78a7-bf76-f4614ef72977
DisplayName: Cognitive Services accounts should use customer owned storage or enable data encryption
Description: This policy audits any Cognitive Services account not using customer owned storage nor data encryption. For each Cognitive Services account with storage, use either customer owned storage or enable data encryption.
Remediation description: To enable encryption for Cognitive Services: 1. In the Azure portal, open Cognitive Services, 2. Select an item from the list, and open the "encryption" page, 3. Setup encryption using either Microsoft-managed keys or customer-managed keys. Learn more about configuration customer-managed keys for Cognitive Services in https://go.microsoft.com/fwlink/?linkid=2121321. To request access to bring your own storage, fill out and submit the request form from https://aka.ms/cogsvc-cmk.
Categories: Data
Severity: Low
preview: True
Mode Indexed
Type BuiltIn
Preview False
Deprecated True
Effect Default
Disabled
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.CognitiveServices/accounts/encryption Microsoft.CognitiveServices accounts properties.encryption True False
Microsoft.CognitiveServices/accounts/encryption.keySource Microsoft.CognitiveServices accounts properties.encryption.keySource True False
Microsoft.CognitiveServices/accounts/userOwnedStorage[*] Microsoft.CognitiveServices accounts properties.userOwnedStorage[*] True False
Rule resource types IF (1)
Compliance
The following 4 compliance controls are associated with this Policy definition '[Deprecated]: Cognitive Services accounts should use customer owned storage or enable data encryption.' (11566b39-f7f7-4b82-ab06-68d8700eb0a4)
Rows: 1-4 / 4

Columns:

Close

Columns▼Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
DORA_2022_2554 9.3c DORA_2022_2554_9.3c DORA 2022 2554 9.3c 9 Prevent Data Availability and Integrity Issues in ICT Systems Shared n/a Implement measures in information and communication technology (ICT) to prevent issues related to data availability, authenticity, integrity, confidentiality breaches, and data loss. 58
K_ISMS_P_2018 2.10.1 K_ISMS_P_2018_2.10.1 K ISMS P 2018 2.10.1 2.10 Establish Procedures for Managing the Security of System Operations Shared n/a Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. 408
K_ISMS_P_2018 2.10.2 K_ISMS_P_2018_2.10.2 K ISMS P 2018 2.10.2 2.10 Establish Protective Measures for Administrator Privileges and Security Configurations Shared n/a Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. 385
K_ISMS_P_2018 2.7.1b K_ISMS_P_2018_2.7.1b K ISMS P 2018 2.7.1b 2.7 Ensure Data is Encrypted at Rest and In-Transit Shared n/a Ensure data is encrypted when storing and transmitting personal and important information. 68
Initiatives usage
Rows: 1-2 / 2
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
DORA 2022 2554 f9c0485f-da8e-43b5-961e-58ebd54b907c Regulatory Compliance GA BuiltIn unknown
K ISMS P 2018 e0782c37-30da-4a78-9f92-50bfe7aa2553 Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-04-21 13:28:46 change Major, new suffix: deprecated (1.0.0 > 2.0.0-deprecated)
2020-06-09 16:25:53 add 11566b39-f7f7-4b82-ab06-68d8700eb0a4
JSON compare
compare mode: version left: version right:
1.0.0 → 2.0.0-deprecated RENAMED
@@ -1,26 +1,27 @@
1
  {
2
- "displayName": "Cognitive Services accounts should use customer owned storage or enable data encryption.",
3
  "policyType": "BuiltIn",
4
  "mode": "Indexed",
5
  "description": "This policy audits any Cognitive Services account not using customer owned storage nor data encryption. For each Cognitive Services account with storage, use either customer owned storage or enable data encryption.",
6
  "metadata": {
7
- "version": "1.0.0",
8
- "category": "Cognitive Services"
 
9
  },
10
  "parameters": {
11
  "effect": {
12
  "type": "String",
13
  "metadata": {
14
- "displayName": "Effect",
15
  "description": "The effect determines what happens when the policy rule is evaluated to match"
16
  },
17
  "allowedValues": [
18
  "Audit",
19
  "Deny",
20
  "Disabled"
21
  ],
22
- "defaultValue": "Audit"
23
  }
24
  },
25
  "policyRule": {
26
  "if": {
@@ -37,8 +38,12 @@
37
  },
38
  {
39
  "field": "Microsoft.CognitiveServices/accounts/encryption.keySource",
40
  "exists": "false"
 
 
 
 
41
  }
42
  ]
43
  },
44
  "then": {
 
1
  {
2
+ "displayName": "[Deprecated]: Cognitive Services accounts should use customer owned storage or enable data encryption.",
3
  "policyType": "BuiltIn",
4
  "mode": "Indexed",
5
  "description": "This policy audits any Cognitive Services account not using customer owned storage nor data encryption. For each Cognitive Services account with storage, use either customer owned storage or enable data encryption.",
6
  "metadata": {
7
+ "version": "2.0.0-deprecated",
8
+ "category": "Cognitive Services",
9
+ "deprecated": true
10
  },
11
  "parameters": {
12
  "effect": {
13
  "type": "String",
14
  "metadata": {
15
+ "displayName": "[Deprecated]: Effect",
16
  "description": "The effect determines what happens when the policy rule is evaluated to match"
17
  },
18
  "allowedValues": [
19
  "Audit",
20
  "Deny",
21
  "Disabled"
22
  ],
23
+ "defaultValue": "Disabled"
24
  }
25
  },
26
  "policyRule": {
27
  "if": {
 
38
  },
39
  {
40
  "field": "Microsoft.CognitiveServices/accounts/encryption.keySource",
41
  "exists": "false"
42
+ },
43
+ {
44
+ "field": "Microsoft.CognitiveServices/accounts/encryption",
45
+ "exists": "true"
46
  }
47
  ]
48
  },
49
  "then": {
JSON
api-version=2021-06-01
EPAC 
{7 items
  • displayName: "[Deprecated]: Cognitive Services accounts should use customer owned storage or enable data encryption.",
  • policyType: "BuiltIn",
  • mode: "Indexed",
  • description: "This policy is deprecated. Cognitive Services have data encryption enforced.",
  • metadata: {3 items
    • version: "2.0.0-deprecated",
    • category: "Cognitive Services",
    • deprecated: true
    },
  • parameters: {1 item},
  • policyRule: {2 items}
}